The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National
Institute of Standards and Technology <https://www.nist.gov/> (NIST) National Vulnerability Database
<https://nvd.nist.gov/> (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the
bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include
CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures <https://cve.mitre.org/> (CVE) vulnerability
naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System
<https://nvd.nist.gov/cvss.cfm> (CVSS) standard. The division of high, medium, and low severities corresponds to the
following scores:

- High: vulnerabilities with a CVSS base score of 7.0-10.0
- Medium: vulnerabilities with a CVSS base score of 4.0-6.9
- Low: vulnerabilities with a CVSS base score of 0.0-3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This
information may include identifying information, values, definitions, and related links. Patch information is provided
when available. Please note that some of the information in the bulletin is compiled from external, open-source
reports and is not a direct result of CISA analysis.


High Vulnerabilities 


Primary Vendor -- Product: 1e -- platform
Description: The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on
the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform
arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product
pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it
through the 1E Platform instruction upload UI
Published: 2023-11-06
CVSS Score: 7.2
Source & Patch Info: CVE-2023-45161
MISC <https://www.1e.com/trust-security-compliance/cve-info/>
MISC <https://exchange.1e.com/product-packs/network/>


Primary Vendor -- Product: 1e -- platform
Description: The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on
the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform
arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product
pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it
through the 1E Platform instruction upload UI
Published: 2023-11-06
CVSS Score: 7.2
Source & Patch Info: CVE-2023-45163
MISC <https://www.1e.com/trust-security-compliance/cve-info/>
MISC <https://https://exchange.1e.com/product-packs/network/>


Primary Vendor -- Product: 1e -- platform
Description: The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack
available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a
specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue
DELETE the instruction "Show dialogue with caption %Caption% and message %Message%" from the list of
instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction
available in the updated End-User Interaction product pack. The new instruction should show as "Show %Type% type
notification with header %Header% and message %Message%" with a version of 7.1 or above.
Published: 2023-11-06
CVSS Score: 7.2
Source & Patch Info: CVE-2023-5964
MISC <https://exchange.1e.com/product-packs/end-user-interaction/>
MISC <https://www.1e.com/trust-security-compliance/cve-info/>


Primary Vendor -- Product: 7-zip -- 7-zip
Description: 7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive.
Published: 2023-11-03
CVSS Score: 7.8
Source & Patch Info: CVE-2023-31102
MISC <https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/>
MISC <https://www.7-zip.org/download.html>
MISC <https://www.zerodayinitiative.com/advisories/zdi-23-1165/>

Primary Vendor -- Product: advanced_export_products_orders_cron_csv_excel_project --
advanced_export_products_orders_cron_csv_excel
Description: Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to
arbitrarily download user information from the ps_customer table.
Published: 2023-11-07
CVSS Score: 7.5
Source & Patch Info: CVE-2023-43984


Primary Vendor -- Product: arm -- valhall_gpu_kernel_driver
Description: A local non-privileged user can make improper GPU memory processing operations. If the operations
are carefully prepared, then they could be used to gain access to already freed memory.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-3889

Primary Vendor -- Product: arm -- valhall_gpu_kernel_driver
Description: A local non-privileged user can make improper GPU memory processing operations to gain access to
already freed memory.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-4295

Primary Vendor -- Product: asus -- rt-ax55_firmware
Description: ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special
characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to
perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.
Published: 2023-11-03
CVSS Score: 8.8
Source & Patch Info: CVE-2023-41345
MISC <https://www.twcert.org.tw/tw/cp-132-7496-96e2c-1.html>


Primary Vendor -- Product: asus -- rt-ax55_firmware
Description: ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special
characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to
perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
Published: 2023-11-03
CVSS Score: 8.8
Source & Patch Info: CVE-2023-41346
MISC <https://www.twcert.org.tw/tw/cp-132-7497-f92ac-1.html>

Primary Vendor -- Product: asus -- rt-ax55_firmware
Description: ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special
characters within its check token module. An authenticated remote attacker can exploit this vulnerability to
perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
Published: 2023-11-03
CVSS Score: 8.8
Source & Patch Info: CVE-2023-41347
MISC <https://www.twcert.org.tw/tw/cp-132-7498-18012-1.html>


Primary Vendor -- Product: asus -- rt-ax55_firmware
Description: ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special
characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to
perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
Published: 2023-11-03
Source & Patch Info: CVE-2023-41348
MISC <https://www.twcert.org.tw/tw/cp-132-7499-63907-1.html>

Primary Vendor -- Product: asus -- rt-ax57_firmware
Description: An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via
a crafted request to the lan_ifname field in the sub_ln 2C318 function.
Published: 2023-11-09
CVSS Score: 9.8
Source & Patch Info: CVE-2023-47005

Primary Vendor -- Product: asus -- rt-ax57_firmware
Description: An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via
a crafted request to the lan_ipaddr field in the sub_6FC74 function.
Published: 2023-11-09
CVSS Score: 9.8
Source & Patch Info: CVE-2023-47006

Primary Vendor -- Product: asus -- rt-ax57_firmware
Description: An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via
a crafted request to the lan_ifname field in the sub_391B8 function.
Published: 2023-11-09
CVSS Score: 9.8
Source & Patch Info: CVE-2023-47007


Primary Vendor -- Product: asus -- rt-ax57_firmware
Description: An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via
a crafted request to the ifname field in the sub_4CCE4 function.
Published: 2023-11-09
CVSS Score: 9.8
Source & Patch Info: CVE-2023-47008

Primary Vendor -- Product: best_courier_management_system -- best_courier_management_system
Description: An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code
and escalate privileges via a crafted script to the userID parameter.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46980
MISC <https://youtu.be/3mz2lselg7y>
MISC <https://github.com/sajaljat/cve-2023-46980/tree/main>


Primary Vendor -- Product: bestpractical -- request_tracker
Description: Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via
fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-41259
MISC <https://docs.bestpractical.com/release-notes/rt/index.html>
CONFIRM <https://docs.bestpractical.com/release-notes/rt/4.4.7>
CONFIRM <https://docs.bestpractical.com/release-notes/rt/5.0.5>


Primary Vendor -- Product: bestpractical -- request_tracker
Description: Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in
responses to mail-gateway REST API calls.
Published: 2023-11-03
Source & Patch Info: CVE-2023-41260
MISC <https://docs.bestpractical.com/release-notes/rt/index.html>
CONFIRM <https://docs.bestpractical.com/release-notes/rt/4.4.7>
CONFIRM <https://docs.bestpractical.com/release-notes/rt/5.0.5>


Primary Vendor -- Product: bestpractical -- request_tracker
Description: Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction
search in the transaction query builder.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-45024
MISC <https://docs.bestpractical.com/release-notes/rt/index.html>
CONFIRM <https://docs.bestpractical.com/release-notes/rt/5.0.5>

Primary Vendor -- Product: bleachbit -- bleachbit
Description: BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version
4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run
arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.
Published: 2023-11-08
CVSS Score: 7.3
Source & Patch Info: CVE-2023-47113


Primary Vendor -- Product: boltwire -- boltwire
Description: An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted
payload to the view and change admin password function.
Published: 2023-11-07
CVSS Score: 9.1
Source & Patch Info: CVE-2023-46501

Primary Vendor -- Product: botan_project -- botan
Description: bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length
between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2017-7252
CONFIRM <https://botan.randombit.net/security.html>
MISC


Primary Vendor -- Product: clickbar -- dot-diver
Description: Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types
and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution
vulnerability in the `setByPath` function which can lead to remote code execution (RCE). This issue has been
addressed in commit 98daf567 which has been included in release 1.0.2. Users are advised to upgrade. There are no
known workarounds to this vulnerability.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-45827
MISC <https://github.com/clickbar/dot-diver/security/advisories/ghsa-9w5f-mw3p-pj47>
MISC <https://github.com/clickbar/dot-diver/commit/98daf567390d816fd378ec998eefe2e97f293d5a>

Primary Vendor -- Product: couchbase -- couchbase_server
Description: Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal.
Published: 2023-11-08
CVSS Score: 7.5
Source & Patch Info: CVE-2023-36667


Primary Vendor -- Product: djangoproject -- django
Description: In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is
subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode
characters.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-41164
CONFIRM <https://www.djangoproject.com/weblog/2023/sep/04/security-releases/>
MISC <https://docs.djangoproject.com/en/4.2/releases/security/>


Primary Vendor -- Product: djangoproject -- django
Description: In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator
chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack
via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to
implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE:
this issue exists because of an incomplete fix for CVE-2019-14232.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-43665
CONFIRM <https://www.djangoproject.com/weblog/2023/oct/04/security-releases/>
MISC <https://docs.djangoproject.com/en/4.2/releases/security/>

Primary Vendor -- Product: ec-cube -- ec-cube
Description: EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to
4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig
included in the product. As a result, arbitrary code may be executed on the server where the product is running by
a user with an administrative privilege.
Published: 2023-11-07
CVSS Score: 7.2
Source & Patch Info: CVE-2023-46845


Primary Vendor -- Product: eclipse -- glassfish
Description: In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191),
allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-5763
MISC <https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server>
MISC <https://gitlab.eclipse.org/security/cve-assignement/-/issues/14>


Primary Vendor -- Product: eclipse -- parsson
Description: In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead
malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a
number of edge cases where the input text of a number can lead to much larger processing time than one would
expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-4043
MISC <https://github.com/eclipse-ee4j/parsson/pull/100>
MISC <https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/13>

Primary Vendor -- Product: espressif -- esptool
Description: An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak
cryptographic algorithm.
Published: 2023-11-09
CVSS Score: 7.5
Source & Patch Info: CVE-2023-46894

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions.
Published: 2023-11-09
CVSS Score: 8.8
Source & Patch Info: CVE-2023-34171


Primary Vendor -- Product: exiv2 -- exiv2
Description: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and
ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function,
`BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds
write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially
exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image
file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this
vulnerability.
Published: 2023-11-06
CVSS Score: 8.8
Source & Patch Info: CVE-2023-44398
MISC <https://github.com/exiv2/exiv2/security/advisories/ghsa-hrw9-ggg3-3r4r>
MISC <https://github.com/exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5>

Primary Vendor -- Product: felixwelberg -- sis_handball
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in
Felix Welberg SIS Handball allows SQL Injection. This issue affects SIS Handball: from n/a through 1.0.45.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-33924
MISC

Primary Vendor -- Product: froxlor -- froxlor
Description: Improper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0.
Published: 2023-11-10
CVSS Score: 8.8
Source & Patch Info: CVE-2023-6069

Primary Vendor -- Product: frrouting -- frrouting
Description: bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a
"flowspec overflow."
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-38406
MISC <https://github.com/frrouting/frr/pull/12884>
MISC <https://github.com/frrouting/frr/compare/frr-8.4.2...frr-8.4.3>


Primary Vendor -- Product: frrouting -- frrouting
Description: bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during
labeled unicast parsing.
Published: 2023-11-06
CVSS Score: 7.5
Source & Patch Info: CVE-2023-38407
MISC <https://github.com/frrouting/frr/pull/12956>
MISC <https://github.com/frrouting/frr/compare/frr-8.5-rc...frr-8.5>
MISC <https://github.com/frrouting/frr/pull/12951>


Primary Vendor -- Product: frrouting -- frrouting
Description: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted
BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path
attributes).
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-47234
MISC <https://github.com/frrouting/frr/pull/14716/commits/c37119df45bbf4ef713bc10475af2ee06e12f3bf>

Primary Vendor -- Product: frrouting -- frrouting
Description: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP
UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw
outcome.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-47235
MISC <https://github.com/frrouting/frr/pull/14716/commits/6814f2e0138a6ea5e1f83bdd9085d9a77999900b>


Primary Vendor -- Product: ge -- micom_s1_agile
Description: General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing
malicious DLL files in the directory of the application.
Published: 2023-11-07
CVSS Score: 7.3
Source & Patch Info: CVE-2023-0898

Primary Vendor -- Product: gitlab -- gitlab
Description: An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all
versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an
unauthorised project or group member to read the CI/CD variables using the custom project templates.
Published: 2023-11-06
CVSS Score: V1
Source & Patch Info: CVE-2023-3399
MISC <https://hackerone.com/reports/2021616>
MISC <https://gitlab.com/gitlab-org/gitlab/-/issues/416244>

Primary Vendor -- Product: google -- android
Description: In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local
escalation of privilege with no additional execution privileges needed. User interaction is not needed for
exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357.
Published: 2023-11-06
CVSS Score: 7.8
Source & Patch Info: CVE-2023-32837
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>


Primary Vendor -- Product: google -- android
Description: In video, there is a possible memory corruption due to a race condition. This could lead to local
escalation of privilege with no additional execution privileges needed. User interaction is not needed for
exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273.
Published: 2023-11-06
Source & Patch Info: CVE-2023-32832
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>

Primary Vendor -- Product: google -- chrome
Description: Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to
potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2023-11-08
Source & Patch Info: CVE-2023-5996

Primary Vendor -- Product: gpac -- gpac
Description: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Published: 2023-11-07
Source & Patch Info: CVE-2023-5998

CVSS scores listed for these entries: 8.8, 7.5


Primary Vendor -- Product: group-office -- group_office
Description: Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side
Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter
URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that
protocols like file:// can also be used to access the server disk. The request result (on success) can then be
retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are
advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2023-11-07
CVSS Score: 8.8
Source & Patch Info: CVE-2023-46730

Primary Vendor -- Product: gss -- vitals_enterprise_social_platform
Description: Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it
has insufficient filtering and validation during file upload. An authenticated remote attacker with general user
privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary
system operations or disrupt service.
Published: 2023-11-03
CVSS Score: 8.8
Source & Patch Info: CVE-2023-41357
MISC <https://www.twcert.org.tw/tw/cp-132-7508-6dlef-1.html>


Primary Vendor -- Product: huawei -- emui
Description: Vulnerability of missing encryption in the card management module. Successful exploitation of this
vulnerability may affect service confidentiality.
Published: 2023-11-08
Source & Patch Info: CVE-2023-44098

Primary Vendor -- Product: huawei -- emui
Description: Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability
can affect NFC availability.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46765

Primary Vendor -- Product: huawei -- emui
Description: Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may
affect service confidentiality.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46771

Primary Vendor -- Product: huawei -- emui
Description: Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability
can affect NFC availability.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46774

Primary Vendor -- Product: huawei -- harmonyos
Description: Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation
of this vulnerability will affect integrity and confidentiality.
Published: 2023-11-08
Source & Patch Info: CVE-2023-5801

CVSS scores listed for these entries: 7.5, 7.5, 9.1


Primary Vendor -- Product: huawei -- harmonyos
Description: Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of
this vulnerability may affect service confidentiality.
Published: 2023-11-08
Source & Patch Info: CVE-2023-44115

Primary Vendor -- Product: huawei -- harmonyos
Description: The remote PIN module has a vulnerability that causes incorrect information storage locations.
Successful exploitation of this vulnerability may affect confidentiality.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46757

Primary Vendor -- Product: huawei -- harmonyos
Description: Permission management vulnerability in the multi-screen interaction module. Successful exploitation
of this vulnerability may cause service exceptions of the device.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46758

Primary Vendor -- Product: huawei -- harmonyos
Description: Permission control vulnerability in the call module. Successful exploitation of this vulnerability may
affect service confidentiality.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46759

Primary Vendor -- Product: huawei -- harmonyos
Description: Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this
vulnerability may cause process exceptions.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46760

CVSS scores listed for these entries: 7.5, 7.5, 7.5


Primary Vendor -- Product: huawei -- harmonyos
Description: Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this
vulnerability may cause process exceptions.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46761

Primary Vendor -- Product: huawei -- harmonyos
Description: Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this
vulnerability may cause process exceptions.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46762

Primary Vendor -- Product: huawei -- harmonyos
Description: Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this
vulnerability may cause process exceptions.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46766

Primary Vendor -- Product: huawei -- harmonyos
Description: Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this
vulnerability may cause process exceptions.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46767

Primary Vendor -- Product: huawei -- harmonyos
Description: Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause
features to perform abnormally.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46768

Primary Vendor -- Product: huawei -- harmonyos
Description: Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will
affect availability.
Published: 2023-11-08
Source & Patch Info: CVE-2023-46769

CVSS scores listed for these entries: 7.5, 7.5, 7.5, 7.5


Primary Vendor -- Product: huawei -- harmonyos
Description: Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may
cause mistouch prevention errors on users' mobile phones.
Published: 2023-11-08
CVSS Score: 7.5
Source & Patch Info: CVE-2023-46770

Primary Vendor -- Product: ibm -- cics_tx
Description: IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is
higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other
weaknesses. IBM X-Force ID: 266163.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-43018
MISC <https://exchange.xforce.ibmcloud.com/vulnerabilities/266163>
MISC <https://www.ibm.com/support/pages/node/7063668>


Primary Vendor -- Product: ibm -- mq_appliance
Description: IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system,
caused by improper validation of security keys. IBM X-Force ID: 269535.
Published: 2023-11-03
CVSS Score: 7.8
Source & Patch Info: CVE-2023-46176
MISC <https://exchange.xforce.ibmcloud.com/vulnerabilities/269535>
MISC <https://www.ibm.com/support/pages/node/7060769>


Primary Vendor -- Product: ibm -- txseries_for_multiplatforms
Description: IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are
vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized
actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.
Published: 2023-11-03
Source & Patch Info: CVE-2023-42027
MISC <https://www.ibm.com/support/pages/node/7063664>
MISC <https://www.ibm.com/support/pages/node/7063659>
MISC <https://exchange.xforce.ibmcloud.com/vulnerabilities/266057>


Primary Vendor -- Product: intelliants -- subrion
Description: Subrion 4.2.1 has a remote command execution vulnerability in the backend.
Published: 2023-11-03
CVSS Score: 8.8
Source & Patch Info: CVE-2023-46947
MISC <https://github.com/intelliants/subrion/issues/909>

Primary Vendor -- Product: ivanti -- automation
Description: A locally authenticated attacker with low privileges can bypass authentication due to insecure
inter-process communication.
Published: 2023-11-03
CVSS Score: 7.8
Source & Patch Info: CVE-2022-44569
MISC <https://help.ivanti.com/res/help/en_us/ia/2023/admin/content/relnotes.htm>


Primary Vendor -- Product: ivanti -- avalanche
Description: Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
Published: 2023-11-03
CVSS Score: 7.8
Source & Patch Info: CVE-2022-43554
MISC <https://download.wavelink.com/files/avalanche_v6.4.1.236_release_notes.txt>

Primary Vendor -- Product: ivanti -- avalanche
Description: Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
Published: 2023-11-03
CVSS Score: 7.8
Source & Patch Info: CVE-2022-43555
MISC <https://download.wavelink.com/files/avalanche_v6.4.1.236_release_notes.txt>


Primary Vendor -- Product: ivanti -- avalanche
Description: Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation
Vulnerability
Published: 2023-11-03
CVSS Score: 7.8
Source & Patch Info: CVE-2023-41725
MISC <https://download.wavelink.com/files/avalanche_v6.4.1.236_release_notes.txt>

Primary Vendor -- Product: ivanti -- avalanche
Description: Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
Published: 2023-11-03
CVSS Score: 7.8
Source & Patch Info: CVE-2023-41726
MISC <https://download.wavelink.com/files/avalanche_v6.4.1.236_release_notes.txt>


Primary Vendor -- Product: kerawen -- kerawen
Description: kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_car
parameter at KerawenDeliveryModuleFrontController::initContent().
Published: 2023-11-04
CVSS Score: 9.8
Source & Patch Info: CVE-2023-40922
MISC <https://security.friendsofpresta.org/modules/2023/11/02/kerawen.html>

Primary Vendor -- Product: kubernetes -- apiserver
Description: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect
client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the
client's API server credentials to third parties.
Published: 2023-11-03
CVSS Score: 8.2
Source & Patch Info: CVE-2022-3172
MISC <https://github.com/kubernetes/kubernetes/issues/112513>
MISC <https://groups.google.com/g/kubernetes-security-announce/c/_alzympprak>


Primary Vendor -- Product: kubernetes -- csi_proxy
Description: A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes
running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are
only affected if they include Windows nodes running kubernetes-csi-proxy.
Published: 2023-11-03
CVSS Score: 8.8
Source & Patch Info: CVE-2023-3893
MISC <https://groups.google.com/g/kubernetes-security-announce/c/lwkse2bocyq>
MISC <https://github.com/kubernetes/kubernetes/issues/119594>


Primary Vendor -- Product: kyocera -- d-copia253mf_plus_firmware
Description: Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-34260
MISC <https://seclists.org/fulldisclosure/2023/jul/15>
MISC <https://sec-consult.com/vulnerability-lab/>

Primary Vendor -- Product: linagora -- twake
Description: Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-2675


Primary Vendor -- Product: linux -- kernel
Description: An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.
Published: 2023-11-03
CVSS Score:
Source & Patch Info: CVE-2023-1194
MISC
MISC <https://www.spinics.net/lists/stable-commits/msg303065.html>
MISC <https://access.redhat.com/security/cve/cve-2023-1194>


Primary Vendor -- Product: linux -- kernel
Description: A use-after-free flaw was found in the Linux kernel's mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.
Published: 2023-11-03
CVSS Score: 7
Source & Patch Info: CVE-2023-1476
MISC <https://access.redhat.com/errata/rhsa-2023:1659>
MISC <https://access.redhat.com/security/cve/cve-2023-1476>
MISC
MISC


Primary Vendor -- Product: lost_and_found_information_system -- lost_and_found_information_system
Description: Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-38965
MISC <https://github.com/or4ngm4n/vulnreability-code-review-php/blob/main/lost%20and%20found%20information%20system%20v1.0.txt>
MISC <http://packetstormsecurity.com/files/175077/lost-and-found-information-system-1.0-insecure-direct-object-reference.html>


Primary Vendor -- Product: macvim -- macvim
Description: Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root - this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-41036

Primary Vendor -- Product: mediatek -- nr15
Description: In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.
Published: 2023-11-06
CVSS Score: 7.5
Source & Patch Info: CVE-2023-20702
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>


Primary Vendor -- Product: microsoft -- edge_chromium
Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published: 2023-11-10
CVSS Score:
Source & Patch Info: CVE-2023-36014

Primary Vendor -- Product: microsoft -- edge_chromium
Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published: 2023-11-03
CVSS Score: 7.3
Source & Patch Info: CVE-2023-36034
MISC <https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-36034>

Primary Vendor -- Product: microsoft -- edge_chromium
Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Published: 2023-11-10
CVSS Score: 7.4
Source & Patch Info: CVE-2023-36024

Primary Vendor -- Product: midori-global -- better_pdf_exporter
Description: Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-42361


Primary Vendor -- Product: mitsubishi_electric -- fx3u-32mt/es_firmware
Description: Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.
Published: 2023-11-06
CVSS Score: 9.1
Source & Patch Info: CVE-2023-4699
MISC <https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-013_en.pdf>
MISC <https://jvn.jp/vu/jvnvu94620134/>
MISC <https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-03>


Primary Vendor -- Product: mongodb -- atlas_kubernetes_operator
Description: The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version. Required Configuration: DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (eg. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27)
Published: 2023-11-07
CVSS Score:
Source & Patch Info: CVE-2023-0436


Primary Vendor -- Product: nationaledtech -- boomerang
Description: An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.
Published: 2023-11-03
CVSS Score: 9.1
Source & Patch Info: CVE-2023-36621
MISC <https://seclists.org/fulldisclosure/2023/jul/12>
MISC <https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/>
MISC <https://useboomerang.com/>


Primary Vendor -- Product: ncsist -- mobile_device_manager
Description: NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-41344
MISC <https://www.twcert.org.tw/tw/cp-132-7507-55b28-1.html>

Primary Vendor -- Product: netskope -- netskope
Description: Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.
Published: 2023-11-06
CVSS Score: 8.8
Source & Patch Info: CVE-2023-4996
MISC <https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003>


Primary Vendor -- Product: nokia -- g-040w-q_firmware
Description: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-41350
MISC <https://www.twcert.org.tw/tw/cp-132-7500-0c544-1.html>

Primary Vendor -- Product: nokia -- g-040w-q_firmware
Description: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-41351
MISC <https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html>


Primary Vendor -- Product: nokia -- g-040w-q_firmware
Description: Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-41355
MISC <https://www.twcert.org.tw/tw/cp-132-7505-a0c94-1.html>

Primary Vendor -- Product: nokia -- g-040w-q_firmware
Description: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from a system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.
Published:
CVSS Score: 8.8
Source & Patch Info: CVE-2023-41353
MISC <https://www.twcert.org.tw/tw/cp-132-7503-a27ed-1.html>

Primary Vendor -- Product: nokia -- g-040w-q_firmware
Description: Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
Published: 2023-11-03
CVSS Score: 7.2
Source & Patch Info: CVE-2023-41352
MISC <https://www.twcert.org.tw/tw/cp-132-7502-287ec-1.html>


Primary Vendor -- Product: opayweb -- opay
Description: An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app.
Published: 2023-11-07
CVSS Score: 7.5
Source & Patch Info: CVE-2021-43419

Primary Vendor -- Product: opendesign -- drawings_sdk
Description: An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-5179


Primary Vendor -- Product: openssl -- openssl
Description: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Published: 2023-11-06
CVSS Score: 7.5
Source & Patch Info: CVE-2023-5678
MISC
MISC <https://www.openssl.org/news/secadv/20231106.txt>
MISC
MISC
MISC


Primary Vendor -- Product: ortussolutions -- coldbox_elixir
Description: A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability.
Published: 2023-11-06
CVSS Score: 7.5
Source & Patch Info: CVE-2021-4430
MISC <https://github.com/ortus-solutions/coldbox-elixir/releases/tag/v3.1.7>
MISC <https://github.com/ortus-solutions/coldbox-elixir/commit/a3aa62daea2e44c76d08d1eac63768cd928cd69e>
MISC
MISC


Primary 
Vendor -- Product 


perforce --helix_core 


perforce --helix_core 


perforce --helix_core 


perforce --helix_core 


Description 


An arbitrary code execution which results in 
privilege escalation was discovered in Helix 
Core versions prior to 2023.2. Reported by Jason 
Geffner. 


In Helix Core versions prior to 2023.2, an 
unauthenticated remote Denial of Service (DoS) 
via the shutdown function was identified. 
Reported by Jason Geffner. 


In Helix Core versions prior to 2023.2, an 
unauthenticated remote Denial of Service (DoS) 
via the commit function was identified. 
Reported by Jason Geffner. 


In Helix Core versions prior to 2023.2, an 
unauthenticated remote Denial of Service (DoS) 
via the buffer was identified. Reported by Jason 
Geffner. 


Publish 
ed 


2023-11- 
08 


2023-11- 
08 


2023-11- 
08 


2023-11- 
08 


CVSS 
Score 


7.5 


7.5 


7.5 


Source & 
Patch Info 


CVE-2023- 
45849 


CVE-2023- 
35767 


CVE-2023- 
45319 


CVE-2023- 
5759 


Primary Vendor -- Product: phpfox -- phpfox
Description: An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46817
MISC <https://karmainsecurity.com/kis-2023-12>
MISC <https://www.phpfox.com/blog/>
MISC <https://karmainsecurity.com/pocs/cve-2023-46817.php>
MISC <https://docs.phpfox.com/display/fox4man/phpfox+4.8.14>
MISC <http://seclists.org/fulldisclosure/2023/oct/30>

Primary Vendor -- Product: prestashop -- prestashop
Description: In the module "Order Duplicator - Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from ps_customer/ps_address tables such as name / surname / phone number / full postal address.
Published: 2023-11-07
CVSS Score: 8.8
Source & Patch Info: CVE-2023-45380

Primary Vendor -- Product: progress -- ws_ftp_server
Description: In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.
Published:
CVSS Score: 8.8
Source & Patch Info: CVE-2023-42659


Primary Vendor -- Product: projectworlds -- online_job_portal
Description: Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_password' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46680

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46785

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'pass' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46798


Primary Vendor -- Product: puppet -- puppet_enterprise
Description: Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-5309


Primary Vendor -- Product: python -- pillow
Description: An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-44271
MISC <https://devhub.checkmarx.com/cve-details/cve-2023-44271/>
MISC <https://github.com/python-pillow/pillow/pull/7244>
MISC <https://github.com/python-pillow/pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7>


Primary 


Vendor -- Product 


qemu --qemu 


qnap --music_station 


Description


A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.


A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later, Music Station 5.1.16 and later, Music Station 5.3.23 and later


Published


2023-11-03


2023-11-03


CVSS 
Score 


7.5 


Source &
Patch Info


CVE-2023-5088

MISC

MISC <https://access.redhat.com/security/cve/cve-2023-5088>
MISC <https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/t/>


CVE-2023-39299

MISC <https://www.qnap.com/en/security-advisory/qsa-23-61>


Primary Vendor -- Product: qnap -- qts
Description: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later, QTS 4.5.4.2374 build 20230416 and later, QuTS hero h5.0.1.2376 build 20230421 and later, QuTS hero h4.5.4.2374 build 20230417 and later, QuTScloud c5.0.1.2374 and later
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-23368
MISC <https://www.qnap.com/en/security-advisory/qsa-23-31>


Primary Vendor -- Product: qnap -- qts
Description: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 (2023/05/04) and later, Multimedia Console 1.4.8 (2023/05/05) and later, QTS 5.1.0.2399 build 20230515 and later, QTS 4.3.6.2441 build 20230621 and later, QTS 4.3.4.2451 build 20230621 and later, QTS 4.3.3.2420 build 20230621 and later, QTS 4.2.6 build 20230621 and later, Media Streaming add-on 500.1.1.2 (2023/06/12) and later, Media Streaming add-on 500.0.0.11 (2023/06/16) and later
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-23369
MISC <https://www.qnap.com/en/security-advisory/qsa-23-35>

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory Corruption in Multi-mode Call Processor while processing bit mask API.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-22388

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-33045


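Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.
Published: 2023-11-07
CVSS Score:
Source & Patch Info: CVE-2023-28572

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory Corruption in Core during syscall for Sectools Fuse comparison feature.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-21671

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory Corruption in Core due to secure memory access by user while loading modem image.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-24852

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory corruption in TZ Secure OS while loading an app ELF.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-28545

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Cryptographic issue in HLOS during key management.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-28556

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory corruption while processing audio effects.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-28570

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory corruption in core services when Diag handler receives a command to configure event listeners.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-28574

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-33031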


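Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory Corruption in Audio while invoking callback function in driver from ADSP.
Published: 2023-11-07
CVSS Score:
Source & Patch Info: CVE-2023-33055

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory corruption in Audio while processing the VOC packet data from ADSP.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-33059

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Memory corruption in Audio when SSR event is triggered after music playback is stopped.
Published: 2023-11-07
CVSS Score: 7.8
Source & Patch Info: CVE-2023-33074

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Transient DOS in WLAN Firmware while parsing no-inherit IES.
Published: 2023-11-07
CVSS Score: 7.5
Source & Patch Info: CVE-2023-33047

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Transient DOS in WLAN Firmware while parsing t2lm buffers.
Published: 2023-11-07
CVSS Score: 7.5
Source & Patch Info: CVE-2023-33048

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.
Published: 2023-11-07
CVSS Score: 7.5
Source & Patch Info: CVE-2023-33056

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.
Published: 2023-11-07
CVSS Score: 7.5
Source & Patch Info: CVE-2023-33061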


Primary Vendor -- Product: qualitor -- galitor
Description: Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-47253
MISC <https://www.qualitor.com.br/qualitor-8-20>
MISC <https://www.linkedin.com/in/xvinicius/>
MISC <https://www.linkedin.com/in/hairrison-wenning-4631a4124/>
MISC <https://openxp.xpsec.co/blog/cve-2023-47253>


Primary Vendor -- Product: redlion -- crimson
Description: The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-5719
MISC <https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01>
MISC <https://support.redlion.net/hc/en-us/categories/360002087671-security-advisories>

Primary Vendor -- Product: relativity -- relativityone
Description: SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46954
MISC <https://github.com/jakedmurphy1/cve-2023-46954>


Primary 


Vendor -- Product 


remoteclinic -- 
remote_clinic 


remoteclinic -- 
remote_clinic 


remoteclinic -- 
remote_clinic 


remoteclinic -- 
remote_clinic 


Description 


RemoteClinic 2.0 has a SQL injection 
vulnerability in the ID parameter of 
/medicines/stocks.php. 


RemoteClinic version 2.0 contains a SQL 
injection vulnerability in the /staff/edit.php file. 


RemoteClinic 2.0 is vulnerable to a time-based 
blind SQL injection attack in the ‘start’ GET 
parameter of patients/index.php. 


RemoteClinic 2.0 contains a critical vulnerability 
chain that can be exploited by a remote attacker 
with low-privileged user credentials to create 
admin users, escalate privileges, and execute 
arbitrary code on the target system via a PHP 
shell. The vulnerabilities are caused by a lack of 
input validation and access control in the 
staff/register.php endpoint and the edit-my- 
profile.php page. By sending a series of 
specially crafted requests to the RemoteClinic 
application, an attacker can create admin users 
with more privileges than their own, upload a 
PHP file containing arbitrary code, and execute 
arbitrary commands via the PHP shell. 


Publish 
ed 


2023-11- 
07 


2023-11- 
07 


2023-11- 
07 


2023-11- 
07 


CVSS 
Score 


9.8 


9.8 


9.8 


8.8 


Source & 
Patch Info 


CVE-2023- 
33478 


CVE-2023- 
33479 


CVE-2023- 
33481 


CVE-2023- 
33480 


Primary Vendor -- Product: samba -- samba
Description: A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-3961
MISC
MISC <https://access.redhat.com/security/cve/cve-2023-3961>
MISC <https://access.redhat.com/errata/rhsa-2023:6209>
MISC
MISC <https://www.samba.org/samba/security/cve-2023-3961.html>
MISC <https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zumvallffdfc53jzmuwa6hpd7hugap5i/>

Primary Vendor -- Product: samsung -- android
Description: Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release allows attacker to bypass restrictions on starting activities from the background.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-42531

Primary Vendor -- Product: samsung -- android
Description: An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-42536

Primary Vendor -- Product: samsung -- android
Description: An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-42537

Primary Vendor -- Product: samsung -- android
Description: An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42538

Primary Vendor -- Product: samsung -- android
Description: Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
Published: 2023-11-07
Source & Patch Info: CVE-2023-30739

Primary Vendor -- Product: samsung -- android
Description: Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42528

Primary Vendor -- Product: samsung -- android
Description: Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42529

Primary Vendor -- Product: samsung -- android
Description: Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42535

CVSS Score
7.8
7.8
7.8
7.8


Primary Vendor -- Product: samsung -- android
Description: Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42530

Primary Vendor -- Product: samsung -- android
Description: Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release 1 allows remote attacker to intercept the network traffic including Firmware information.
Published: 2023-11-07
CVSS Score: 7.5
Source & Patch Info: CVE-2023-42532

Primary Vendor -- Product: samsung -- bixby_voice
Description: Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege.
Published: 2023-11-07
CVSS Score: 7.5
Source & Patch Info: CVE-2023-42543

Primary Vendor -- Product: samsung -- exynos_9810_firmware
Description: An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.
Published: 2023-11-08
CVSS Score: 7.5
Source & Patch Info: CVE-2023-41111


Primary Vendor -- Product: samsung -- exynos_9810_firmware
Description: An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.
Published: 2023-11-08
CVSS Score: 7.5
Source & Patch Info: CVE-2023-41112

Primary Vendor -- Product: samsung -- phone
Description: Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data.
Published: 2023-11-07
CVSS Score: 7.5
Source & Patch Info: CVE-2023-42545


Primary Vendor -- Product: schedmd -- slurm
Description: SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
Published: 2023-11-03
Source & Patch Info: CVE-2023-41914
MISC <https://schedmd.com/security.php>
CONFIRM <https://lists.schedmd.com/pipermail/slurm-announce/2023/000100.html>


Primary Vendor -- Product: softing -- smartlink_sw-ht
Description: Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).
Published: 2023-11-06
Source & Patch Info: CVE-2022-48193
MISC <https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.html>
MISC <https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.json>


Primary Vendor -- Product: squid-cache -- squid
Description: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
Published: 2023-11-06
CVSS Score: 7.5
Source & Patch Info: CVE-2023-46728
MISC <https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3>
MISC <https://github.com/squid-cache/squid/security/advisories/ghsa-cg5h-v6vc-w33f>


Primary Vendor -- Product: squid-cache -- squid
Description: Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-46847
MISC <https://access.redhat.com/errata/rhsa-2023:6266>
MISC <https://access.redhat.com/errata/rhsa-2023:6267>
MISC <https://access.redhat.com/security/cve/cve-2023-46847>
MISC <https://access.redhat.com/errata/rhsa-2023:6268>
MISC
MISC <https://github.com/squid-cache/squid/security/advisories/ghsa-phqj-m8gv-cq4g>


Primary Vendor -- Product: squid-cache -- squid
Description: Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-46848
MISC <https://access.redhat.com/errata/rhsa-2023:6266>
MISC <https://access.redhat.com/security/cve/cve-2023-46848>
MISC <https://access.redhat.com/errata/rhsa-2023:6268>
MISC <https://github.com/squid-cache/squid/security/advisories/ghsa-2g3c-pg7q-g59w>
MISC


Primary Vendor -- Product: squid-cache -- squid
Description: Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
Published: 2023-11-03
CVSS Score: 7.5
Source & Patch Info: CVE-2023-5824
MISC
MISC <https://access.redhat.com/security/cve/cve-2023-5824>
MISC <https://github.com/squid-cache/squid/security/advisories/ghsa-543m-w2m2-g255>


Primary Vendor -- Product: squidex.io -- squidex
Description: Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the ‘squidex.admin.restore’ permission to create and restore backups. Part of these backups are the assets uploaded to an App. For each asset, the backup zip archive contains a .asset file with the actual content of the asset as well as a related ‘AssetCreatedEventV2’ event, which is stored in a JSON file. Amongst other things, the JSON file contains the event type (AssetCreatedEventV2), the ID of the asset (46c05041-9588-4179-b5eb-ddfcd9463e1e), its filename (test.txt), and its file version (0). When a backup with this event is restored, the ‘BackupAssets.ReadAssetAsync’ method is responsible for re-creating the asset. For this purpose, it determines the name of the .asset file in the zip archive, reads its content, and stores the content in the filestore. When the asset is stored in the filestore via the UploadAsync method, the assetId and fileVersion are passed as arguments. These are further passed to the method GetFileName, which determines the filename where the asset should be stored. The assetId is inserted into the filename without any sanitization, which allows an attacker with squidex.admin.restore privileges to run arbitrary operating system commands on the underlying server (RCE).
Published: 2023-11-07
CVSS Score: 1.2
Source & Patch Info: CVE-2023-46253

Primary Vendor -- Product: strapi -- strapi
Description: strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fields marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2023-11-06
CVSS Score: 7.5
Source & Patch Info: CVE-2023-39345
MISC <https://github.com/strapi/strapi/security/advisories/ghsa-gc7p-j5xm-xxh2>


Primary Vendor -- Product: swtpm -- swtpm
Description: In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
Published: 2023-11-03
CVSS Score: 7.1
Source & Patch Info: CVE-2020-28407
MISC
CONFIRM <https://github.com/stefanberger/swtpm/releases/tag/v0.4.2>
CONFIRM <https://github.com/stefanberger/swtpm/releases/tag/v0.5.1>

Primary Vendor -- Product: sysaid -- sysaid_on-premises
Description: In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Published: 2023-11-10
CVSS Score: 9.8
Source & Patch Info: CVE-2023-47246


Primary Vendor -- Product: wordpress -- wordpress
Description: The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.
Published: 2023-11-06
CVSS Score: 7.5
Source & Patch Info: CVE-2023-5454
MISC <https://wpscan.com/vulnerability/1854f77f-e12a-4370-9c44-73d16d493685>

Primary Vendor -- Product: tenda -- ax1806_firmware
Description: Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.
Published: 2023-11-07
CVSS Score: 9.1
Source & Patch Info: CVE-2023-47455

Primary Vendor -- Product: tenda -- ax1806_firmware
Description: Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.
Published: 2023-11-07
CVSS Score: 9.1
Source & Patch Info: CVE-2023-47456


Primary Vendor -- Product: tigera -- calico_cloud
Description: In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.
Published: 2023-11-06
CVSS Score: 7.5
Source & Patch Info: CVE-2023-41378
MISC <https://github.com/projectcalico/calico/pull/7993>
MISC <https://github.com/projectcalico/calico/pull/7908>
MISC <https://www.tigera.io/security-bulletins-tta-2023-001/>

Primary Vendor -- Product: tyk -- tyk
Description: Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-42283


Primary Vendor -- Product: tyk -- tyk
Description: Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2023-42284

Primary Vendor -- Product: utoronto -- pcrs
Description: PCRS <= 3.11 (d0de1e) "Questions" page and "Code editor" page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.
Published: 2023-11-03
CVSS Score: 9.9
Source & Patch Info: CVE-2023-46404
MISC <https://bitbucket.org/utmandrew/pcrs/commits/5f18bcbb383b7d73f7a8b399cc52b23597d752ae>
MISC <https://github.com/windecks/cve-2023-46404>


Primary Vendor -- Product: vaerys-dawn -- discordsailv2
Description: A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483.
Published: 2023-11-05
CVSS Score: 9.8
Source & Patch Info: CVE-2018-25092
MISC <https://github.com/vaerys-dawn/discordsailv2/releases/tag/2.10.3>
MISC
MISC
MISC <https://github.com/vaerys-dawn/discordsailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69>


Primary Vendor -- Product: vaerys-dawn -- discordsailv2
Description: A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2018-25093
MISC <https://github.com/vaerys-dawn/discordsailv2/releases/tag/2.10.3>
MISC
MISC
MISC <https://github.com/vaerys-dawn/discordsailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69>


Primary Vendor -- Product: veeam -- one
Description: A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
Published: 2023-11-07
Source & Patch Info: CVE-2023-38547

Primary Vendor -- Product: videolan -- vlc_media_player
Description: Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
Published: 2023-11-07
Source & Patch Info: CVE-2023-47359

Primary Vendor -- Product: videolan -- vlc_media_player
Description: Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
Published: 2023-11-07
Source & Patch Info: CVE-2023-47360

Primary Vendor -- Product: webidsupport -- webid
Description: WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.
Published: 2023-11-08
Source & Patch Info: CVE-2023-47397

CVSS Score
9.8
7.5


Primary Vendor -- Product: weintek -- easybuilder_pro
Description: Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
Published: 2023-11-06
Source & Patch Info: CVE-2023-5777
MISC <https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05>

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application. This issue affects 1003 Mortgage Application: from n/a through 1.75.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2022-45357

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails. This issue affects Commenter Emails: from n/a through 2.6.1.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2022-45360

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.1.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2022-45370


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.0.4.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2022-45373
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection. This issue affects Paytm Payment Gateway: from n/a through 2.7.3.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2022-45805
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express - Email Marketing, Newsletters and Automation for WordPress & WooCommerce. This issue affects Icegram Express - Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2022-45810


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/a through 6.2.0.
Published: 2023-11-07
Source & Patch Info: CVE-2022-46801

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce. This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8.
Published: 2023-11-07
Source & Patch Info: CVE-2022-46802

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin - Noptin. This issue affects Simple Newsletter Plugin - Noptin: from n/a through 1.9.5.
Published: 2023-11-07
Source & Patch Info: CVE-2022-46803

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection. This issue affects ARMember: from n/a through 3.4.11.
Published: 2023-11-03
Source & Patch Info: CVE-2022-46808
MISC

CVSS Score
9.8
9.8
9.8


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX - Multi-criteria Rating & Reviews for WooCommerce. This issue affects ReviewX - Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7.
Published: 2023-11-07
CVSS Score: 9.8
Source & Patch Info: CVE-2022-46809

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection. This issue affects Email posts to subscribers: from n/a through 6.2.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2022-46818
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Weblizar Coming Soon Page - Responsive Coming Soon & Maintenance Mode allows SQL Injection. This issue affects Coming Soon Page - Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2022-46849
MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.1.
Published: 2023-11-03
Source & Patch Info: CVE-2022-46859
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in KaizenCoders Short URL allows SQL Injection. This issue affects Short URL: from n/a through 1.6.4.
Published: 2023-11-06
Source & Patch Info: CVE-2022-46860
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.
Published: 2023-11-06
Source & Patch Info: CVE-2022-47420
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection. This issue affects Neshan Maps: from n/a through 1.1.4.
Published: 2023-11-03
Source & Patch Info: CVE-2022-47426
MISC

CVSS Score
9.8
9.8
9.8


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection. This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2022-47428
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Weblizar The School Management - Education & Learning Management allows SQL Injection. This issue affects The School Management - Education & Learning Management: from n/a through 4.1.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2022-47430
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Kemal YAZICI-PluginPress Shortcode IMDB allows SQL Injection. This issue affects Shortcode IMDB: from n/a through 6.0.8.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2022-47432
MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Compliant: from n/a through 1.2.0.
Published: 2023-11-03
Source & Patch Info: CVE-2022-47445
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection. This issue affects Simple Photo Gallery: from n/a through v1.8.1.
Published: 2023-11-03
Source & Patch Info: CVE-2022-47588
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP. This issue affects GiveWP: from n/a through 2.25.1.
Published: 2023-11-07
Source & Patch Info: CVE-2023-22719

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms. This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0.
Published: 2023-11-07
Source & Patch Info: CVE-2023-23796

CVSS Score
9.8
9.8
9.8


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.1.10.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-25700
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zendrop Zendrop - Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection. This issue affects Zendrop - Global Dropshipping: from n/a through 1.0.0.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-25960
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-26015
MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection. This issue affects WP Reroute Email: from n/a through 1.4.6.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-27605
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in biztechc Copy or Move Comments allows SQL Injection. This issue affects Copy or Move Comments: from n/a through 5.0.4.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-28748
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-3277
MISC <https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#l821>
MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection. This issue affects WP Project Manager: from n/a through 2.6.0.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-34383
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection. This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-35911
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection. This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-36529
MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Daniel Soderstrom / Sidney van de Stouwe Subscribe to Category allows SQL Injection. This issue affects Subscribe to Category: from n/a through 2.7.4.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-38382
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in RedNao Donations Made Easy - Smart Donations allows SQL Injection. This issue affects Donations Made Easy - Smart Donations: from n/a through 4.0.12.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-40207
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contact form 7 Custom validation: from n/a through 1.1.3.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-40609
MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 10.6.6.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-41652
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ilGhera Woocommerce Support System allows SQL Injection. This issue affects Woocommerce Support System: from n/a through 1.2.1.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-41685
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call.
Published: 2023-11-03
CVSS Score: 9.8
Source & Patch Info: CVE-2023-43982
MISC <https://security.friendsofpresta.org/modules/2023/11/02/boninstagramcarousel.html>


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Castos Seriously Simple Stats allows SQL Injection. This issue affects Seriously Simple Stats: from n/a through 1.5.0.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-45001
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pressference Pressference Exporter allows SQL Injection. This issue affects Pressference Exporter: from n/a through 1.0.3.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-45046
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in InspireUI MStore API allows SQL Injection. This issue affects MStore API: from n/a through 4.0.6.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-45055
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Video Gallery by Total-Soft Video Gallery - Best WordPress YouTube Gallery Plugin allows SQL Injection. This issue affects Video Gallery - Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-45069
MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress allows SQL Injection. This issue affects Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-45074
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in POSIMYTH Nexter allows SQL Injection. This issue affects Nexter: from n/a through 2.0.3.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-45657
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-45830
MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-5601
MISC <https://wpscan.com/vulnerability/O0O35ec5e-d405-4eb7-8fe4-29dd0c71e4bc>

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0.
Published: 2023-11-07
CVSS Score: 3.8
Source & Patch Info: CVE-2022-38702

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV. This issue affects Export Users Data CSV: from n/a through 2.1.
Published: 2023-11-07
CVSS Score: 8.8
Source & Patch Info: CVE-2022-41616

Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter. This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8.
Published: 2023-11-07
CVSS Score: 8.8
Source & Patch Info: CVE-2022-42882


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Improper Neutralization of Formula Elements in 
a CSV File vulnerability in Patrick Robrecht 
Posts and Users Stats. This issue affects Posts 
and Users Stats: from n/a through 1.1.3. 


Improper Neutralization of Formula Elements in 
a CSV File vulnerability in anmari amr users. 
This issue affects amr users: from n/a through 
4.59.4. 


Improper Neutralization of Formula Elements in
a CSV File vulnerability in Par Thernstrom
Simple History - user activity log, audit tool. This
issue affects Simple History - user activity log,
audit tool: from n/a through 3.3.1.


Improper Neutralization of Formula Elements in 
a CSV File vulnerability in Narola Infotech 
Solutions LLP Export Users Data Distinct. This 
issue affects Export Users Data Distinct: from 
n/a through 1.3. 


Published


2023-11- 
07 


2023-11- 
07 


2023-11- 
07 


2023-11- 
07 


CVSS 
Score 


8.8 


8.8 


8.8 


8.8 


Source & 
Patch Info 


CVE-2022- 
44738 


CVE-2022- 
45348 


CVE-2022- 
45350 


CVE-2022- 
46804 


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Cross-Site Request Forgery (CSRF) vulnerability
in wpexpertsio Email Templates Customizer and
Designer for WordPress and WooCommerce
email-templates allows Cross Site Request
Forgery. This issue affects Email Templates
Customizer and Designer for WordPress and
WooCommerce: from n/a through 1.4.2.


Improper Neutralization of Formula Elements in
a CSV File vulnerability in AyeCode Ltd
UsersWP. This issue affects UsersWP: from n/a
through 1.2.3.9.


Improper Neutralization of Special Elements
used in an SQL Command (‘SQL Injection’)
vulnerability in Themeum Tutor LMS allows SQL
Injection. This issue affects Tutor LMS: from n/a
through 2.2.0.


Cross-Site Request Forgery (CSRF) vulnerability 
in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 
versions. 


Published


2023-11- 
07 


2023-11- 
07 


2023-11- 
03 


2023-11- 
09 


CVSS 
Score 


8.8 


8.8 


8.8 


8.8 


Source & 
Patch Info 


CVE-2022- 
47181 


CVE-2022- 
47442 


CVE-2023- 
25800 
MISC 


CVE-2023- 
25975 


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Improper Neutralization of Formula Elements in
a CSV File vulnerability in WPOmnia KB
Support. This issue affects KB Support: from n/a
through 1.5.84.


Improper Neutralization of Special Elements
used in an SQL Command (‘SQL Injection’)
vulnerability in Themeum Tutor LMS allows SQL
Injection. This issue affects Tutor LMS: from n/a
through 2.1.10.


Cross-Site Request Forgery (CSRF) vulnerability 
in Alex Benfica Publish to Schedule plugin 
<= 4.4.2 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Robert Schulz (sprd.Net AG) Spreadshop 
plugin <= 1.6.5 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in SuPlugins Superb Social Media Share 
Buttons and Follow Buttons for WordPress 
plugin <= 1.1.3 versions. 


Published   CVSS Score
2023-11-07
2023-11-03  38
2023-11-09  8.8
2023-11-10  8.8
2023-11-10


Source & 
Patch Info 


CVE-2023- 
25983 


CVE-2023- 
25990 
MISC 


CVE-2023- 
25994 


CVE-2023- 
29426 


CVE-2023- 
29428 


Primary 


Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Cross-Site Request Forgery (CSRF) vulnerability 
in PressTigers Simple Job Board plugin <= 2.10.3 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Tribulant Newsletters plugin <= 4.8.8 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Marco Steinbrecher WP BrowserUpdate 
plugin <= 4.4.1 versions. 


Cross-Site Request Forgery (CSRF) vulnerability
in Igor Benic Simple Giveaways - Grow your
business, email lists and traffic with contests
plugin <= 2.46.0 versions.


Cross-Site Request Forgery (CSRF) vulnerability 
in JoomSky JS Job Manager plugin <= 2.0.0 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Faraz Quazi Floating Action Button plugin 
<= 1.2.1 versions. 


Published


2023-11- 
10 


2023-11- 
10 


2023-11- 
10 


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


CVSS 
Score 


8.8 


8.8 


8.8 


8.8 


8.8 


Source & 
Patch Info 


CVE-2023- 
29440 


CVE-2023- 
30478 


CVE-2023- 
31078 


CVE-2023- 
31086 


CVE-2023- 
31087 


CVE-2023- 
31088 


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Cross-Site Request Forgery (CSRF) vulnerability 
in Chronosly Chronosly Events Calendar plugin 
<= 2.6.2 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Roland Barker, xnau webdesign Participants 
Database plugin <= 2.4.9 versions. 


Cross-Site Request Forgery (CSRF) vulnerability
in PeepSo Community by PeepSo - Social
Network, Membership, Registration, User
Profiles plugin <= 6.0.9.0 versions.


Cross-Site Request Forgery (CSRF) vulnerability 
in Criss Swaim TPG Redirect plugin <= 1.0.7 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Daniel Powney Multi Rating plugin <= 5.0.6 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in xtemos WoodMart - Multipurpose 
WooCommerce Theme <= 7.1.1 versions. 


Published


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


CVSS 
Score 


8.8 


8.8 


8.8 


8.8 


8.8 


8.8 


Source & 
Patch Info 


CVE-2023- 
31093 


CVE-2023- 
31235 


CVE-2023- 
32092 


CVE-2023- 
32093 


CVE-2023- 
32125 


CVE-2023- 
32500 


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Cross-Site Request Forgery (CSRF) vulnerability 
in E4J s.R.L. VikBooking Hotel Booking Engine & 
PMS plugin <= 1.6.1 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Sybre Waaijer Pro Mime Types - Manage file 
media types plugin <= 1.0.7 versions. 


Cross-Site Request Forgery (CSRF) vulnerability
in ShortPixel ShortPixel Adaptive Images -
WebP, AVIF, CDN, Image Optimization plugin
<= 3.7.1 versions.


Cross-Site Request Forgery (CSRF) vulnerability 
in Designs & Code Forget About Shortcode 
Buttons plugin <= 2.1.2 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in WP Reactions, LLC WP Reactions Lite plugin 
<= 1.3.8 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Palasthotel by Edward Bock, Katharina Rompf 
Sunny Search plugin <= 1.0.2 versions. 


Published


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


CVSS 
Score 


8.8 


8.8 


8.8 


8.8 


8.8 


8.8 


Source & 
Patch Info 


CVE-2023- 
32501 


CVE-2023- 
32502 


CVE-2023- 
32512 


CVE-2023- 
32579 


CVE-2023- 
32587 


CVE-2023- 
32592 


Primary 


Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Cross-Site Request Forgery (CSRF) vulnerability 
in Benedict B., Maciej Gryniuk Hyphenator 
plugin <= 5.1.5 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in LOKALYZE CALL ME NOW plugin <= 3.0 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Web_Trendy WP Custom Cursors | WordPress 
Cursor Plugin plugin < 3.2 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in WooCommerce Product Recommendations 
plugin <= 2.3.0 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in WooCommerce AutomateWoo plugin <= 5.7.1 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in WooCommerce Product Add-Ons plugin 
<= 6.1.3 versions. 


Published   CVSS Score
2023-11-09  8.8
2023-11-09  8.8
2023-11-09  8.8
2023-11-09  8.8
2023-11-09  8.8
2023-11-09  8.8


Source & 
Patch Info 


CVE-2023- 
32594 


CVE-2023- 
32602 


CVE-2023- 
32739 


CVE-2023- 
32744 


CVE-2023- 
32745 


CVE-2023- 
32794 


Primary 


Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Cross-Site Request Forgery (CSRF) vulnerability 
in WP Inventory Manager plugin <= 2.1.0.13 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Guillemant David WP Full Auto Tags Manager 
plugin <= 2.2 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in LWS LWS Hide Login plugin <= 2.1.6 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Pascal Casier bbPress Toolkit plugin <= 1.0.12 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Malinky Ajax Pagination and Infinite Scroll 
plugin <= 2.0.1 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in SAKURA Internet Inc. TS Webfonts for 


Cross-Site Request Forgery (CSRF) vulnerability 
in Kenth Hagstrom WP-Cache.Com plugin <= 1.1.1 
versions. 


Published   CVSS Score
2023-11-09  8.8
2023-11-09  8.8
2023-11-09  8.8
2023-11-09  8.8
2023-11-09  8.8
2023-11-09  8.8
2023-11-09  8.8


Source & 
Patch Info 


CVE-2023- 
34002 


CVE-2023- 
34024 


CVE-2023- 
34025 


CVE-2023- 
34031 


CVE-2023- 
34033 


CVE-2023- 
34169 


CVE-2023- 
34177 


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Cross-Site Request Forgery (CSRF) vulnerability 
in Groundhogg Inc. Groundhogg plugin <= 2.7.11 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in WP-Cirrus plugin <= 0.6.11 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Peter Shaw LH Password Changer plugin 
<= 1.55 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Didier Sampaolo SpamReferrerBlock plugin 
<= 2.22 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in WPClever WPC Smart Wishlist for 
WooCommerce plugin <= 4.7.1 versions. 


Published


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


2023-11- 
09 


CVSS 
Score 


8.8 


8.8 


8.8 


8.8 


8.8 


Source & 
Patch Info 


CVE-2023- 
34178 


CVE-2023- 
34181 


CVE-2023- 
34182 


CVE-2023- 
34371 


CVE-2023- 
34386 


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Improper Neutralization of Special Elements
used in an SQL Command (‘SQL Injection’)
vulnerability in Nucleus_genius Quasar form
free - Contact Form Builder for WordPress allows
SQL Injection. This issue affects Quasar form
free - Contact Form Builder for WordPress: from
n/a through 6.0.


Improper Neutralization of Formula Elements in
a CSV File vulnerability in BestWebSoft Post to
CSV by BestWebSoft. This issue affects Post to
CSV by BestWebSoft: from n/a through 1.4.0.


Improper Neutralization of Special Elements
used in an SQL Command (‘SQL Injection’)
vulnerability in Smartypants SP Project &
Document Manager allows SQL Injection. This
issue affects SP Project & Document Manager:
from n/a through 4.67.


Published


2023-11- 
04 


2023-11- 
07 


2023-11- 
03 


CVSS 
Score 


8.8 


8.8 


8.8 


Source & 
Patch Info 


CVE-2023- 
35910 
MISC 


CVE-2023- 
36527 


CVE-2023- 
36677 
MISC 


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Improper Neutralization of Formula Elements in
a CSV File vulnerability in wpWax Directorist -
WordPress Business Directory Plugin with
Classified Ads Listing. This issue affects
Directorist - WordPress Business Directory
Plugin with Classified Ads Listings: from n/a
through 7.7.1.


Improper Neutralization of Special Elements 
used in an SQL Command (‘SQL Injection’) 
vulnerability in bPlugins LLC Icons Font Loader 
allows SQL Injection. This issue affects Icons 
Font Loader: from n/a through 1.1.2. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Mat Bao Corp WP Helper Premium plugin 
<= 4.5.1 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Djo Original texts Yandex WebMaster plugin 
<= 1.18 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Serena Villa Auto Excerpt everywhere plugin 
<= 1.5 versions. 


Published


2023-11- 
07 


2023-11- 
06 


2023-11- 
09 


2023-11- 
06 


2023-11- 
06 


CVSS 
Score 


8.8 


8.8 


8.8 


8.8 


8.8 


Source & 
Patch Info 


CVE-2023- 
41798 


CVE-2023- 
46084 
MISC 


CVE-2023- 
46614 


CVE-2023- 
46775 
MISC 


CVE-2023- 
46776 
MISC 


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Cross-Site Request Forgery (CSRF) vulnerability 
in Custom Login Page | Temporary Users | 
Rebrand Login | Login Captcha plugin <= 1.1.3 
versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in TheFreeWindows Auto Limit Posts Reloaded 
plugin <= 2.5 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in EasyRecipe plugin <= 3.5.3251 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Alter plugin <= 1.0 versions. 


Cross-Site Request Forgery (CSRF) vulnerability 
in Roland Murg Current Menu Item for Custom 
Post Types plugin <= 1.5 versions. 


Cross-Site Request Forgery (CSRF) leading to a
Stored Cross-Site Scripting (XSS) vulnerability
in Nazmul Hossain Nihal Login Screen Manager
plugin <= 3.5.2 versions.


Published   CVSS Score
2023-11-06
2023-11-06  3.8
2023-11-06
2023-11-06  8.8
2023-11-06  8.8
2023-11-06


Source & 
Patch Info 


CVE-2023- 
46777 
MISC 


CVE-2023- 
46778 
MISC 


CVE-2023- 
46779 
MISC 


CVE-2023- 
46780 
MISC 


CVE-2023- 
46781 
MISC 


CVE-2023- 
47182 
MISC 


Primary 


Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Cross-Site Request Forgery (CSRF) vulnerability 
in Kadence WP Kadence WooCommerce Email 
Designer plugin <= 1.5.11 versions. 


Cross-Site Request Forgery (CSRF) vulnerability
in WebberZone Top 10 - WordPress Popular posts
by WebberZone plugin <= 3.3.2 versions.


Cross-Site Request Forgery (CSRF) vulnerability
in ThemeKraft TK Google Fonts GDPR
Compliant plugin <= 2.2.11 versions.


The Awesome Support WordPress plugin before 
6.1.5 does not sanitize file paths when deleting 
temporary attachment files, allowing a ticket 
submitter to delete arbitrary files on the server. 


Published   CVSS Score
2023-11-06  8.8
2023-11-09  8.8
2023-11-06  8.8
2023-11-06  8.1


Source & 
Patch Info 


CVE-2023- 
47186 
MISC 


CVE-2023- 
47238 


CVE-2023- 
5823 
MISC 


CVE-2023-5355
MISC <https://wpscan.com/vulnerability/d6f7faca-dacf-4455-a837-0404803d0f25>


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Improper Neutralization of Formula Elements in 
a CSV File vulnerability in Solwin Infotech User 
Blocker. This issue affects User Blocker: from 
n/a through 1.5.5. 


Improper Neutralization of Formula Elements in
a CSV File vulnerability in WPEkaClub WP
Cookie Consent (for GDPR, CCPA & ePrivacy).
This issue affects WP Cookie Consent (for
GDPR, CCPA & ePrivacy): from n/a through
2.2.5.


Improper Neutralization of Special Elements
used in an SQL Command (‘SQL Injection’)
vulnerability in Highfivery LLC Zero Spam for
WordPress allows SQL Injection. This issue
affects Zero Spam for WordPress: from n/a
through 5.4.4.


Improper Neutralization of Special Elements
used in an SQL Command (‘SQL Injection’)
vulnerability in Rolf van Gelder Order Your Posts
Manually allows SQL Injection. This issue affects
Order Your Posts Manually: from n/a through
2.2.5.


Published   CVSS Score
2023-11-07
2023-11-07  7.2
2023-11-03  7.2
2023-11-03  7.2


Source & 
Patch Info 


CVE-2022- 
45078 


CVE-2023- 
23678 


CVE-2023- 
32121 
MISC 


CVE-2023- 
32508 
MISC 


Primary 
Vendor -- Product 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


wordpress -- wordpress 


Description 


Improper Neutralization of Special Elements
used in an SQL Command (‘SQL Injection’)
vulnerability in IT Path Solutions PVT LTD
Contact Form to Any API allows SQL
Injection. This issue affects Contact Form to Any
API: from n/a through 1.1.2.


Improper Neutralization of Special Elements
used in an SQL Command (‘SQL Injection’)
vulnerability in Groundhogg Inc. Groundhogg
allows SQL Injection. This issue affects
Groundhogg: from n/a through 2.7.11.


Improper Neutralization of Special Elements
used in an SQL Command (‘SQL Injection’)
vulnerability in Themesgrove Onepage Builder
allows SQL Injection. This issue affects Onepage
Builder: from n/a through 2.4.1.


Improper Neutralization of Special Elements
used in an SQL Command (‘SQL Injection’)
vulnerability in Demonisblack demon image
annotation allows SQL Injection. This issue
affects demon image annotation: from n/a
through 5.1.


Published   CVSS Score
2023-11-04
2023-11-03  7.2
2023-11-04  7.2
2023-11-04  7.2


Source & 
Patch Info 


CVE-2023- 
32741 
MISC 


CVE-2023- 
34179 
MISC 


CVE-2023- 
38391 
MISC 


CVE-2023- 
40215 
MISC 


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection. This
issue affects GD Security Headers: from n/a through 1.7.
Published: 2023-11-06
CVSS Score: 7.2
Source & Patch Info: CVE-2023-46821 MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL
Injection. This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a
through 1.5.4.
Published: 2023-11-06
CVSS Score: 7.2
Source & Patch Info: CVE-2023-46823 MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise
and escape a parameter before using it in a SQL statement, leading to a SQL injection
exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it.
Published: 2023-11-06
CVSS Score: 7.2
Source & Patch Info: CVE-2023-5082 MISC <https://wpscan.com/vulnerability/13a196ba-49c7-4575-9a49-3ef9eb2348f3>


Primary 
Vendor -- Product 


wordpress -- wordpress 


wpn-xm --wpn-xm 


Description 


Cross-Site Request Forgery (CSRF) vulnerability 
in Martin Gibson Auto Publish for Google My 
Business plugin <= 3.7 versions. 


A local file inclusion vulnerability has been 
found in WPN-XM Serverstack affecting version 
0.8.6, which would allow an unauthenticated 
user to perform a local file inclusion (LFI) via the 
/tools/webinterface/index.php?page parameter 
by sending a GET request. This vulnerability 
could lead to the loading of a PHP file on the 
server, leading to a critical webshell exploit. 


Published


2023-11- 
09 


2023-11- 
03 


CVSS 
Score 


8.8 


9.8 


Source & 
Patch Info 


CVE-2023- 
47237 


CVE-2023-4591
MISC <https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wpn-xm-serverstack>


Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki platform offering runtime services for applications
built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the
code for displaying administration sections. This allows any user with read access to the
document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute
code including Groovy code. This impacts the confidentiality, integrity and availability of the
whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1.
Users are advised to upgrade. Users unable to upgrade may apply the fix in commit `fec8e0e53f9`
manually. Alternatively, to protect against attacks from unauthenticated users, view right for
guests can be removed from this document (it is only needed for space and wiki admins).
Published: 2023-11-06
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46731
MISC <https://github.com/xwiki/xwiki-platform/security/advisories/ghsa-62pr-qqf7-hh89>
MISC <https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a>
MISC <https://jira.xwiki.org/browse/xwiki-21110>
MISC <https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23>


Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki platform offering runtime services for applications
built on top of it. In affected versions it's possible to execute a content with the right of
any user via a crafted URL. A user must have `programming` privileges in order to exploit this
vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to
upgrade. There are no known workarounds for this vulnerability.
Published: 2023-11-07
CVSS Score: 8.8
Source & Patch Info: CVE-2023-46242


Primary 
Vendor -- Product 


xwiki --xwiki 


Description 


XWiki Platform is a generic wiki platform
offering runtime services for applications built
on top of it. In affected versions it's possible for
a user to execute any content with the right of
an existing document's content author, provided
the user has edit right on it. A crafted URL of
the form
`/xwiki/bin/edit//?content=%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+Groovy%21%22%29%7B%7B%2Fgroovy%7D%7D&xpage=view`
can be used to
execute arbitrary groovy code on the server. This
vulnerability has been patched in XWiki versions
14.10.6 and 15.2RC1. Users are advised to
update. There are no known workarounds for
this issue.


Published


2023-11- 
07 


CVSS 
Score 


8.8 


Source & 
Patch Info 


CVE-2023- 
46243 


Primary 
Vendor -- Product 


xwiki --xwiki 


Description 


XWiki Platform is a generic wiki platform
offering runtime services for applications built
on top of it. In affected versions it's possible for
a user to write a script in which any velocity
content is executed with the right of any other
document content author. Since this API requires
programming right and the user does not have it,
the expected result is
`$doc.document.authors.contentAuthor` (not
executed script), unfortunately with the security
vulnerability it is possible for the attacker to get
`XWiki.superadmin` which shows that the title
was executed with the right of the unmodified
document. This has been patched in XWiki
versions 14.10.7 and 15.2RC1. Users are advised
to upgrade. There are no known workarounds for
this vulnerability.


Published


2023-11- 
07 


CVSS 
Score 


8.8 


Source & 
Patch Info 


CVE-2023- 
46244 


Primary Vendor -- Product: xxyopen -- novel-plus
Description: SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to
execute arbitrary code via a crafted script to the sort parameter in /common/log/list.
Published: 2023-11-05
CVSS Score: 9.8
Source & Patch Info: CVE-2023-46981 MISC <https://github.com/junfengdeng/cve-list/blob/main/novel-plus/20231027/vuln/readme.md>


Primary Vendor -- Product: zavio -- cf7500_firmware
Description: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220,
and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows.
During the process of updating certain settings sent from incoming network requests, the
product does not sufficiently check or validate allocated buffer size. This may lead to remote
code execution.
CVSS Score: 9.8
Source & Patch Info: CVE-2023-39435


Primary Vendor -- Product: zavio -- cf7500_firmware
Description: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220,
and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of
stack-based overflows. While processing XML elements from incoming network requests, the
product does not sufficiently check or validate allocated buffer size. This may lead to remote
code execution.
Published: 2023-11-08
CVSS Score: 9.8
Source & Patch Info: CVE-2023-3959


Primary Vendor -- Product: zavio -- cf7500_firmware
Description: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220,
and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in
their implementation of their binaries and handling of network requests.
Published: 2023-11-08
CVSS Score: 9.8
Source & Patch Info: CVE-2023-4249


Primary Vendor -- Product: zavio -- cf7500_firmware
Description: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220,
and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of
stack-based overflows. During the processing and parsing of certain fields in XML elements from
incoming network requests, the product does not sufficiently check or validate allocated buffer
size. This may lead to remote code execution.
Published: 2023-11-08
CVSS Score: 9.8
Source & Patch Info: CVE-2023-43755


Primary Vendor -- Product: zavio -- cf7500_firmware
Description: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220,
and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of
stack-based overflows. While parsing certain XML elements from incoming network requests, the
product does not sufficiently check or validate allocated buffer size. This may lead to remote
code execution.
Published: 2023-11-
CVSS Score: 9.8
Source & Patch Info: CVE-2023-


Primary Vendor -- Product: zohocorp -- manageengine_desktop_central
Description: A SSRF vulnerability has been found in ManageEngine Desktop Central affecting
version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an
authenticated attacker to launch targeted attacks, such as a cross-port attack, service
enumeration and other attacks via HTTP requests.
Published: 2023-11-03
Source & Patch Info: CVE-2023-4769 MISC <https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central>


Medium Vulnerabilities


Primary Vendor -- Product: apache -- allura
Description: Allura Discussion and Allura Forum importing does not restrict URL values specified
in attachments. Project administrators can run these imports, which could cause Allura to read
local files and expose them. Exposing internal files then can lead to other exploits, like
session hijacking, or remote code execution. This issue affects Apache Allura from 1.0.1 through
1.15.0. Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are
unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion"
in your .ini config file.
Published: 2023-11-07
CVSS Score: 4.9
Source & Patch Info: CVE-2023-46851


Primary Vendor -- Product: apache -- ofbiz
Description: Missing Authentication in Apache Software Foundation Apache OFBiz when using the
Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade
to version 18.12.09
Published: 2023-11-07
CVSS Score: 5.3
Source & Patch Info: CVE-2023-46819


Primary Vendor -- Product: arm -- bifrost_gpu_kernel_driver
Description: A local non-privileged user can make GPU processing operations that expose
sensitive data from previously freed memory.
Published: 2023-11-07
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4272


Primary 
Vendor -- Product 


bootboxjs -- bootbox 


Description 


Cross Site Scripting vulnerability in BootBox 
Bootbox.js v.3.2 through 6.0 allows a remote 
attacker to execute arbitrary code via a crafted 


payload to alert(), confirm(), prompt() functions. 


Published   CVSS Score
2023-11-07  6.1


Source & 
Patch Info 


CVE-2023- 
46998 


Primary 
Vendor -- Product 


clastix --capsule 


Publish 


D ipti 

escription ed 
capsule-proxy is a reverse proxy for Capsule 2023-11- 
kubernetes multi-tenancy framework. A bug in 06 


the RoleBinding reflector used by ‘capsule- 
proxy gives ServiceAccount tenant owners the 
right to list Namespaces of other tenants 
backed by the same owner kind and name. For 
example, consider two tenants ‘solar and ‘wind. 
Tenant ‘solar, owned by a ServiceAccount 
named ‘tenant-owner in the Namespace ‘solar’. 
Tenant ‘wind’, owned by a ServiceAccount 
named ‘tenant-owner in the Namespace wind’. 
The Tenant owner ‘solar would be able to list the 
namespaces of the Tenant ‘wind’ and vice-versa, 
although this is not correct. The bug introduces 
an exfiltration vulnerability since allows the 
listing of Namespace resources of other 
Tenants, although just in some specific 
conditions: 1. capsule-proxy runs with the `-- 
disable-caching=false’ (default value: false’) 
and 2. Tenant owners are ServiceAccount, with 
the same resource name, but in different 
Namespaces. This vulnerability doesn't allow 
any privilege escalation on the outer tenant 
Namespace-scoped resources, since the 


CVSS 
Score 


4.3 


Source & 
Patch Info 


CVE-2023- 
46254 

MISC 
<https://github. 
com/projectcap 
sule/capsule- 
proxy/commit/ 
615202f7b02ea 
ec7681336bd6 
3daed1f39ae00 
c5> 

MISC 
<https://github. 
com/projectcap 
sule/capsule- 
proxy/security/ 
advisories/ghsa 
-6758-979h- 
249x> 


Primary 


Vendor -- Product 


Publish 
ed 


Description 


Source & 
Patch Info 


cloudnet360 -- 
cloudnet360 


color --demoiccmax 


cure53 --dompurify 


Kubernetes RBAC is enforcing this. This issue 
has been addressed in version 0.4.5. Users are 
advised to upgrade. There are no known 
workarounds for this vulnerability. 


Unauth. Reflected Cross-Site Scripting (XSS) 


2023-11- 
vulnerability in GARY JEZORSKI CloudNet360 08 
plugin <= 3.2.0 versions. 
In International Color Consortium DemolccMAX 
79ecb74, a ClecXmlArrayType:::ParseText 2023-11- 
function (for unsigned short) in IccUtilXml.cpp 05 
in liblccXML.a has an out-of-bounds read. 
DOMPurify before 1.0.11 allows reverse 
tabnabbing in demos/hooks-target-blank- 2023-11- 
demo.html because links lack a 'rel="noopener 07 


noreferrer" attribute. 


6.1 


6.5 


6.1 


CVE-2023-46643


CVE-2023-47249
MISC <https://github.com/internationalcolorconsortium/demoiccmax/issues/54>


CVE-2019-25155


Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info


docker --machine
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2023-11-07
6.5
CVE-2023-40453


dstar2018 --agency
A vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is named 975b56953efabb434519d9feefcc53685fb8d0ab. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-244495.
2023-11-07
6.1
CVE-2019-25156


Primary 


Vendor -- Product 


gitlab--gitlab 


gitlab--gitlab 


Published


Description


An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.
2023-11-06


An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.
2023-11-06


CVSS 
Score 


6.5 


6.5 


Source & 
Patch Info 


CVE-2023-3909
MISC <https://hackerone.com/reports/2050269>
MISC <https://gitlab.com/gitlab-org/gitlab/-/issues/418763>


CVE-2023-4700
MISC <https://hackerone.com/reports/2129826>
MISC <https://gitlab.com/gitlab-org/gitlab/-/issues/421937>


Primary 


Vendor -- Product 


gitlab--gitlab 


gitlab--gitlab 


Published


Description


An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.
2023-11-06


An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the 'super_sidebar_logged_out' feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.
2023-11-06


CVSS 
Score 


6.5 


5.3 


Source & 
Patch Info 


CVE-2023-5825
MISC <https://hackerone.com/reports/2218566>
MISC <https://gitlab.com/gitlab-org/gitlab/-/issues/428984>


CVE-2023-5831
MISC <https://gitlab.com/gitlab-org/gitlab/-/issues/428919>


Primary 


Vendor -- Product 


gitlab--gitlab 


gitlab--gitlab 


Description


Published


An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attacker to block Sidekiq job processor.
2023-11-06


An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.
2023-11-06


CVSS 
Score 


4.3 


4.3 


Source & 
Patch Info 


CVE-2023-3246
MISC <https://hackerone.com/reports/2014157>
MISC <https://gitlab.com/gitlab-org/gitlab/-/issues/415371>


CVE-2023-5963
MISC <https://gitlab.com/gitlab-org/gitlab/-/issues/423468>


Primary 
Vendor -- Product 


google -- android 


google --android 


Published


Description


In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.
2023-11-06


In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.
2023-11-06


CVSS 
Score 


6.7 


6.7 


Source & 
Patch Info 


CVE-2023-32818
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>


CVE-2023-32834
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>


Primary 
Vendor -- Product 


google -- android 


google --android 


Published


Description


In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.
2023-11-06


In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725.
2023-11-06


CVSS 
Score 


6.7 


6.7 


Source & 
Patch Info 


CVE-2023-32835
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>


CVE-2023-32836
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>


Primary 
Vendor -- Product 


google -- android 


google --android 


Description


Published


In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.
2023-11-06


In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.
2023-11-06


CVSS 
Score 


6.7 


6.7 


Source & 
Patch Info 


CVE-2023-32838
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>


CVE-2023-32839
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>


Primary 
Vendor -- Product 


google --android 


gvectors --wpdiscuz 


Description 


In bluetooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.


Unauth. Stored Cross-Site Scripting (XSS) 
vulnerability in gVectors Team Comments - 
wpDiscuz plugin <= 7.6.11 versions. 


Published


2023-11-06


2023-11-06


CVSS 
Score 


5.5 


6.1 


Source & 
Patch Info 


CVE-2023-32825
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>


CVE-2023-47185
MISC


Primary 


Vendor -- Product 


hillstonenet --sc-6000-e3960_firmware


huawei --emui


huawei --emui


Description


Published


Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use of front-end filtering instead of back-end filtering.
2023-11-05


Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.
2023-11-08


Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.
2023-11-08


CVSS 
Score 


6.1 


5.9 


5.3 


Source & 
Patch Info 


CVE-2023-46964
MISC <https://foremost-smash-52a.notion.site/hillstone-next-generation-firewall-xss-cve-2023-46964-6cflfeQle7ed4795adb1d89d75030d16>


CVE-2022-48613


CVE-2023-46755


Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info


huawei --emui
Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.
2023-11-08
5.3
CVE-2023-46763


huawei --emui
Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.
2023-11-08
5.3
CVE-2023-46764

P issi trol vul bility in the wind 
AE E E T CVE-2028- 
huawei --harmonyos E j 5.3 46756 


this vulnerability may cause malicious pop-up 08 
windows. 


Primary 
Vendor -- Product 


ibm --content_navigator 


Description 


IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.


Published


2023-11-03


CVSS
Score


5.4

Source & 
Patch Info 


CVE-2023-35896
MISC <https://www.ibm.com/support/pages/node/7065203>
MISC <https://exchange.xforce.ibmcloud.com/vulnerabilities/259247>


Primary 
Vendor -- Product 


ibm --robotic_process_automation_for_cloud_pak


Description


A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.


Published


2023-11-03


CVSS 
Score 


6.5 


Source & 
Patch Info 


CVE-2023-45189
MISC <https://www.ibm.com/support/pages/node/7065204>
MISC <https://exchange.xforce.ibmcloud.com/vulnerabilities/268752>


Primary 
Vendor -- Product 


ibm --txseries_for_multiplatforms


jbig2enc_project --jbig2enc


Description


Published


IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.
2023-11-03


jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.
2023-11-08


CVSS 
Score 


5.4 


5.5 


Source & 
Patch Info 


CVE-2023-42029
MISC <https://www.ibm.com/support/pages/node/7063663>
MISC <https://www.ibm.com/support/pages/node/7063659>
MISC <https://exchange.xforce.ibmcloud.com/vulnerabilities/266059>


CVE-2023-46362


Primary 
Vendor -- Product 


jbig2enc_project --jbig2enc


kaoshifeng --yunfan_learning_examination_system


kyocera --d-copia253mf_plus_firmware


Description


Published


jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.
2023-11-08


An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.
2023-11-04


Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.
2023-11-03


CVSS 
Score 


5.5 


5.3 


5.3 


Source & 
Patch Info 


CVE-2023-46363


CVE-2023-46963
MISC <https://github.com/nbslclass/glassfish/blob/main/proof-of-vulnerability.md>


CVE-2023-34261
MISC <https://seclists.org/fulldisclosure/2023/jul/15>
MISC <https://sec-consult.com/vulnerability-lab/>


Primary 
Vendor -- Product 


kyocera --d-copia253mf_plus_firmware


lenovo --desktop_bios


lenovo --desktop_bios


Description


Published


Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.
2023-11-03


A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
2023-11-08


A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
2023-11-08


CVSS 
Score 


4.9 


6.7 


6.7 


Source & 
Patch Info 


CVE-2023-34259
MISC <https://seclists.org/fulldisclosure/2023/jul/15>
MISC <https://sec-consult.com/vulnerability-lab/>


CVE-2023-43571


CVE-2023-43573


Primary 
Vendor -- Product 


lenovo --desktop_bios 


lenovo --desktop_bios 


lenovo --desktop_bios 


lenovo --desktop_bios 


lenovo --desktop_bios 


Description 


A buffer overflow was reported in the 
UltraFunctionTable module in some Lenovo 
Desktop products that may allow a local 
attacker with elevated privileges to execute 
arbitrary code. 


A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.


A buffer overflow was reported in the ReFlash 
module in some Lenovo Desktop products that 
may allow a local attacker with elevated 
privileges to execute arbitrary code. 


A buffer overflow was reported in the SmiFlash 
module in some Lenovo Desktop products that 
may allow a local attacker with elevated 
privileges to execute arbitrary code. 


A buffer overflow was reported in the 
SmuV11Dxe driver in some Lenovo Desktop 
products that may allow a local attacker with 
elevated privileges to execute arbitrary code. 


Published


2023-11-08


2023-11-08


2023-11-08


2023-11-08


2023-11-08


CVSS 
Score 


6.7 


6.7 


6.7 


6.7 


Source & 
Patch Info 


CVE-2023-43575


CVE-2023-43576


CVE-2023-43577


CVE-2023-43578


CVE-2023-43579


Primary 
Vendor -- Product 


lenovo --desktop_bios 


lenovo --desktop_bios 


lenovo --desktop_bios 


lenovo --desktop_bios 


Description 


A buffer overflow was reported in the 
SmuV11DxeVMR module in some Lenovo 
Desktop products that may allow a local 
attacker with elevated privileges to execute 
arbitrary code. 


A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.


A buffer over-read was reported in the 
BiosExtensionLoader module in some Lenovo 
Desktop products that may allow a local 
attacker with elevated privileges to disclose 
sensitive information. 


A buffer over-read was reported in the 
LEMALLDriversConnectedEventHook module in 
some Lenovo Desktop products that may allow a 
local attacker with elevated privileges to 
disclose sensitive information. 


Published


2023-11-08


2023-11-08


2023-11-08


2023-11-08


CVSS 
Score 


6.7 


6.7 


4.4 


4.4 


Source & 
Patch Info 


CVE-2023-43580


CVE-2023-43581


CVE-2023-43572


CVE-2023-43574


Primary 
Vendor -- Product 


linux --kernel 


linux --linux_kernel 


Published


Description


The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
2023-11-03


A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
2023-11-06


CVSS 
Score 


4.3 


5.5 


Source & 
Patch Info 


CVE-2023-47233
MISC
MISC


CVE-2023-5090
MISC <https://access.redhat.com/security/cve/cve-2023-5090>
MISC


Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info


mattermost --mattermost
Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.
2023-11-06
5.3
CVE-2023-5969
MISC <https://mattermost.com/security-updates>


mattermost --mattermost
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
2023-11-06
4.9
CVE-2023-5968
MISC <https://mattermost.com/security-updates>


mattermost --mattermost
Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin
2023-11-06
4.3
CVE-2023-5967
MISC <https://mattermost.com/security-updates>


Primary 
Vendor -- Product 


mediatek --lr12a 


mediawiki--mediawiki 


mediawiki--mediawiki 


Description 


In modem CCCI, there is a possible out of 
bounds write due to a missing bounds check. 
This could lead to local escalation of privilege 
with System execution privileges needed. User 
interaction may be also needed for exploitation 
Patch ID: MOLY01138425; Issue ID: 
MOLY01138425 (MSV-862). 


An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWikiYouhavenewmessagesfromusers.


An issue was discovered in 
DifferenceEngine.php in MediaWiki before 
1.35.12, 1.36.x through 1.39.x before 1.39.5, and 
1.40.x before 1.40.1. diff-multi-sameuser (aka "X 
intermediate revisions by the same user not 
shown") ignores username suppression. This is 
an information leak. 


Published


2023-11-06


2023-11-03


2023-11-03


CVSS 
Score 


6.5 


5.4 


4.3 


Source & 
Patch Info 


CVE-2023-32840
MISC <https://corp.mediatek.com/product-security-bulletin/november-2023>


CVE-2023-45360
MISC <https://phabricator.wikimedia.org/t340221>


CVE-2023-45362
MISC <https://phabricator.wikimedia.org/t341529>


Primary 
Vendor -- Product 


microsoft --edge_chromium


microsoft --edge_chromium


Description 


Microsoft Edge (Chromium-based) Remote Code 
Execution Vulnerability 


Microsoft Edge (Chromium-based) Information 
Disclosure Vulnerability 


Published


2023-11-03


2023-11-07


CVSS 
Score 


6.6 


6.5 


Source & 
Patch Info 


CVE-2023-36022
MISC <https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-36022>


CVE-2023-36409
MISC <https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-36409>


Primary 
Vendor -- Product 


microsoft --edge_chromium


microsoft --onenote


microweber --microweber


Description


Published


Microsoft Edge (Chromium-based) Spoofing Vulnerability
2023-11-03


Microsoft OneNote Spoofing Vulnerability
2023-11-06


Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
2023-11-08


CVSS 
Score 


4.3 


5.4 


5.4 


Source & 
Patch Info 


CVE-2023-36029
MISC <https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-36029>


CVE-2023-36769
MISC <https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-36769>


CVE-2023-47379


Primary 
Vendor -- Product 


microweber --microweber


mitsubishi_electric--fx5u-32mt/es_firmware


Published


Description


Improper Access Control in GitHub repository microweber/microweber prior to 2.0.
2023-11-07


Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.
2023-11-06


CVSS 
Score 


4.3 


5.3 


Source & 
Patch Info 


CVE-2023-5976


CVE-2023-4625
MISC <https://jvn.jp/vu/jvnvu94620134>
MISC <https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-014_en.pdf>
MISC <https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-02>


Primary 
Vendor -- Product 


moodle --moodle 


moodle --moodle 


moodle --moodle 


moodle --moodle 


Description 


The CSV grade import method contained an 
XSS risk for users importing the spreadsheet, if 
it contained unsafe content. 


The course upload preview contained an XSS 
risk for users uploading unsafe data. 


Wiki comments required additional sanitizing 
and access restrictions to prevent a stored XSS 
risk and potential IDOR risk. 


ID numbers displayed in the quiz grading report 
required additional sanitizing to prevent a 
stored XSS risk. 


Published


2023-11-09


2023-11-09


2023-11-09


2023-11-09


CVSS 
Score 


6.1 


5.4 


5.4 


Source & 
Patch Info 


CVE-2023- 
554 


CVE-2023-5547


CVE-2023-5544


CVE-2023-5546


Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info


msyk --fmdataapi
A vulnerability classified as problematic has been found in msyk FMDataAPI up to 22. Affected is an unknown function of the file FMDataAPI_Sample.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 23 is able to address this issue. The patch is identified as 3bd1709a8f7b1720529bf5dfc9855ad609f436cf. It is recommended to upgrade the affected component. VDB-244494 is the identifier assigned to this vulnerability.
2023-11-07
6.1
CVE-2021-4431


Primary 


Vendor -- Product 


mybb --mybb 


Description 


MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is mitigated when: 1. the visual editor is disabled globally (_Admin CP → Configuration → Settings → Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP → Your Profile → Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit '6dcaf0b4d'.


Published


2023-11-06


CVSS
Score


6.1 


Source & 
Patch Info 


CVE-2023-46251
MISC <https://github.com/mybb/mybb/commit/6dcaf0b4db6254f1833fe8dae295d9ddc2219276>
MISC <https://github.com/mybb/mybb/security/advisories/ghsa-wj33-q/vj-Ofr8>
MISC <https://mybb.com/versions/1.8.37/>


Primary 
Vendor -- Product 


Description 


Publish 
ed 


Source & 
Patch Info 


Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP → Configuration → Settings_): - _Clickable Smilies and BB Code → [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by disabling the account option (_User CP → Your Profile → Edit Options_) _Show the MyCode formatting options on the posting pages_.


Primary 


Vendor -- Product 


mybb --mybb 


Description 


Cross Site Scripting vulnerability in Mybb Mybb 
Forums v.1.8.33 allows a local attacker to 
execute arbitrary code via the theme Name 
parameter in the theme management 
component. 


Published


2023-11-06


CVSS
Score


5.4


Source & 
Patch Info 


CVE-2023-45556
MISC <https://raw.githubusercontent.com/or4ngm4n/mybb/main/screenshot%202023-10-08%20012112.png>
MISC <https://github.com/mybb/mybb/security/advisories/ghsa-4xqm-3cm2-5xgf>
MISC <https://github.com/or4ngm4n/mybb/blob/main/mybb%201.8.33%20cross%2


Primary 
Vendor -- Product 


Published


Description 


Source & 
Patch Info 


nasa --openmct 


nasa --openmct 


Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.
2023-11-09


Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.
2023-11-09


6.5 


5.4 


0site%20scripting.txt>


CVE-2023-45884


CVE-2023-45885


Primary 
Vendor -- Product 


nationaledtech --boomerang


ni--topografix_data_plugin


Published


Description


An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.
2023-11-03


An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
2023-11-08


CVSS 
Score 


4.6 


5.5 


Source & 
Patch Info 


CVE-2023-36620
MISC <https://seclists.org/fulldisclosure/2023/jul/12>
MISC <https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/>
MISC <https://useboomerang.com/>


CVE-2023-5136


Primary 
Vendor -- Product 


nta --e-tax 


Description 


e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.


Published


2023-11-06


CVSS 
Score 


Source & 
Patch Info 


CVE-2023-46802
MISC <https://www.e-tax.nta.go.jp/topics/topics_20231102.htm>
MISC <https://jvn.jp/en/jp/jvn14762986/>


Primary 
Vendor -- Product 


opensc_project --opensc 


Published


Description


A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.
2023-11-06


CVSS
Score


6.6


Source &
Patch Info


CVE-2023-40660
MISC <https://github.com/opensc/opensc/releases/tag/0.24.0-rc1>
MISC <https://github.com/opensc/opensc/wiki/opensc-security-advisories>
MISC
MISC <https://github.com/opensc/opensc/issues/2792#issuecomment-1674806651>
MISC <https://access.redhat.com/security/cve/cve-2023-40660>


Primary 
Vendor -- Product 


opensc --Opensc 


Published


Description


Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.
2023-11-06


CVSS 
Score 


6.4 


Source & 
Patch Info 


CVE-2023-40661
MISC <https://github.com/opensc/opensc/releases/tag/0.24.0-rc1>
MISC
MISC <https://github.com/opensc/opensc/wiki/opensc-security-advisories>
MISC <https://github.com/opensc/opensc/issues/2792#issuecomment-1674806651>
MISC <https://access.redhat.com/sec


Primary 


Vendor -- Product 


Description 


Published


Source & 
Patch Info 


prestashop -- prestashop 


proofpoint --enterprise_protection


blockreassurance adds an information block 
aimed at offering helpful information to 
reassure customers that their store is 
trustworthy. An ajax function in module 
blockreassurance allows modifying any value in 
the configuration table. This vulnerability has 
been patched in version 5.1.4. 


Proofpoint Enterprise Protection contains a 
stored XSS vulnerability in the AdminUI. An 
unauthenticated attacker can send a specially 
crafted email with HTML in the subject which 
triggers XSS when viewing quarantined 
messages. This issue affects Proofpoint 
Enterprise Protection: from 8.20.0 before patch 
4796, from 8.18.6 before patch 4795 and all 
other prior versions. 


2023-11-09


2023-11-06


5.3 


6.1 


urity/cve/cve-2023-40661>


CVE-2023-47110


CVE-2023-5771
MISC <https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0010>


Primary Vendor -- Product: qnap -- qts
Description: A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later; QTS 5.1.1.2491 build 20230815 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.1.2488 build 20230812 and later; QuTScloud c5.1.0.2498 and later.
Published: 2023-11-03
CVSS Score: 4.3
Source & Patch Info: CVE-2023-39301
MISC <https://www.qnap.com/en/security-advisory/qsa-23-51>

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Information Disclosure in WLAN Host when processing WMI event command.
Published: 2023-11-07
CVSS Score: 5.5
Source & Patch Info: CVE-2023-28553

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.
Published: 2023-11-07
CVSS Score: 5.5
Source & Patch Info: CVE-2023-28554

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Information disclosure in IOE Firmware while handling WMI command.
Published: 2023-11-07
CVSS Score: 5.5
Source & Patch Info: CVE-2023-28563

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Information disclosure in WLAN HAL while handling the WMI state info command.
Published: 2023-11-07
CVSS Score: 5.5
Source & Patch Info: CVE-2023-28566

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Information disclosure in WLAN HAL when reception status handler is called.
Published: 2023-11-07
Source & Patch Info: CVE-2023-28568

Primary Vendor -- Product: qualcomm -- snapdragon
Description: Information disclosure in WLAN HAL while handling command through WMI interfaces.
Published: 2023-11-07
Source & Patch Info: CVE-2023-28569

Primary Vendor -- Product: ragic -- enterprise_cloud_database
Description: Ragic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform an XSS (Stored Cross-Site Scripting) attack.
Published: 2023-11-03
Source & Patch Info: CVE-2023-41343
MISC <https://www.twcert.org.tw/tw/cp-132-7509-5b734-1.html>

Primary Vendor -- Product: rapid7 -- velociraptor
Description: Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).
Published: 2023-11-06
Source & Patch Info: CVE-2023-5950
MISC <https://github.com/velocidex/velociraptor/releases/tag/v0.7.0>

CVSS Score
5.5
5.4
6.1


Primary Vendor -- Product: redhat -- 3scale_api_management
Description: A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.
Published: 2023-11-06
CVSS Score: 5.5
Source & Patch Info: CVE-2023-4910
MISC <https://access.redhat.com/security/cve/cve-2023-4910>
MISC

Primary Vendor -- Product: redhat -- quay
Description: A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.
Published: 2023-11-07
CVSS Score: 4.3
Source & Patch Info: CVE-2023-4956


Primary Vendor -- Product: redmine -- redmine
Description: Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.
Published: 2023-11-05
CVSS Score: 6.1
Source & Patch Info: CVE-2023-47258
MISC <https://www.redmine.org/projects/redmine/wiki/security_advisories>

Primary Vendor -- Product: redmine -- redmine
Description: Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.
Published: 2023-11-05
CVSS Score: 6.1
Source & Patch Info: CVE-2023-47259
MISC <https://www.redmine.org/projects/redmine/wiki/security_advisories>


Primary Vendor -- Product: redmine -- redmine
Description: Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.
Published: 2023-11-05
CVSS Score:
Source & Patch Info: CVE-2023-47260
MISC <https://www.redmine.org/projects/redmine/wiki/security_advisories>


Primary Vendor -- Product: roundcube -- webmail
Description: Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
Published: 2023-11-06
CVSS Score: 6.1
Source & Patch Info: CVE-2023-47272
MISC <https://github.com/roundcube/roundcubemail/commit/5ec496885e18ec6af956e8c0d627856c2257ba2d>
MISC <https://github.com/roundcube/roundcubemail/releases/tag/1.5.6>
MISC <https://github.com/roundcube/roundcubemail/releases/tag/1.6.5>




Primary Vendor -- Product: samba -- samba
Description: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
Published: 2023-11-03
CVSS Score: 6.5
Source & Patch Info: CVE-2023-4091
MISC <https://www.samba.org/samba/security/cve-2023-4091.html>
MISC
MISC <https://access.redhat.com/errata/rhsa-2023:6209>
MISC
MISC <https://access.redhat.com/security/cve/cve-2023-4091>
MISC <https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zumvallffdfc53jzmuwa6hpd7hugap5i/>

Primary Vendor -- Product: samba -- samba
Description: A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.
Published: 2023-11-07
Source & Patch Info: CVE-2023-4154


Primary Vendor -- Product: samba -- samba
Description: A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
Published: 2023-11-06
CVSS Score: 6.5
Source & Patch Info: CVE-2023-42669
MISC
MISC <https://www.samba.org/samba/security/cve-2023-42669.html>
MISC
MISC <https://access.redhat.com/security/cve/cve-2023-42669>
MISC <https://access.redhat.com/errata/rhsa-2023:6209>


Primary Vendor -- Product: samba -- samba
Description: A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.
Published: 2023-11-03
CVSS Score: 6.5
Source & Patch Info: CVE-2023-42670
MISC
MISC <https://www.samba.org/samba/security/cve-2023-42670.html>
MISC
MISC <https://access.redhat.com/security/cve/cve-2023-42670>
MISC <https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zumvallffdfc53jzmuwa6hpd7hugap5i/>

Primary Vendor -- Product: samsung -- account
Description: Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Published: 2023-11-07
CVSS Score: 6.5
Source & Patch Info: CVE-2023-42546

Primary Vendor -- Product: samsung -- account
Description: Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Published: 2023-11-07
CVSS Score: 6.5
Source & Patch Info: CVE-2023-42547

Primary Vendor -- Product: samsung -- account
Description: Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Published: 2023-11-07
CVSS Score: 6.5
Source & Patch Info: CVE-2023-42548


Primary Vendor -- Product: samsung -- account
Description: Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42549

Primary Vendor -- Product: samsung -- account
Description: Use of implicit intent for sensitive communication vulnerability in startSignin in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42550

Primary Vendor -- Product: samsung -- account
Description: Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42551

Primary Vendor -- Product: samsung -- account
Description: Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42540

CVSS Score
6.5
6.5
5.5


Primary Vendor -- Product: samsung -- android
Description: Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42533

Primary Vendor -- Product: samsung -- android
Description: Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42527

Primary Vendor -- Product: samsung -- android
Description: Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42534

Primary Vendor -- Product: samsung -- easysetup
Description: Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42555

Primary Vendor -- Product: samsung -- email
Description: Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42553

CVSS Score
5.5
5.5
5.5
5.3


Primary Vendor -- Product: samsung -- health
Description: PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42539

Primary Vendor -- Product: samsung -- pass
Description: Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42554

Primary Vendor -- Product: samsung -- push_service
Description: Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42541

Primary Vendor -- Product: samsung -- quick_share
Description: Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files.
Published: 2023-11-07
Source & Patch Info: CVE-2023-42544

Primary Vendor -- Product: samsung -- ue40d7000_firmware
Description: Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools.
Published: 2023-11-08
Source & Patch Info: CVE-2023-41270

CVSS Score
6.8
5.3
5.5
4.3


Primary Vendor -- Product: sfu -- pkp_web_application_library
Description: Missing Authorization in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5900

Primary Vendor -- Product: sfu -- pkp_web_application_library
Description: Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5903

Primary Vendor -- Product: sfu -- pkp_web_application_library
Description: Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5904

Primary Vendor -- Product: sfu -- pkp_web_application_library
Description: PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.
Published: 2023-11-06
CVSS Score: 5.3
Source & Patch Info: CVE-2023-47271
MISC <https://github.com/pkp/pkp-lib/issues/9464>

Primary Vendor -- Product: sfu -- pkp_web_application_library
Description: Unrestricted Upload of File with Dangerous Type in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Published: 2023-11-07
CVSS Score: 4.8
Source & Patch Info: CVE-2023-5901


Primary Vendor -- Product: sigstore -- cosign
Description: Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker-controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations. The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyverno's case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead of the expected number of attestations. The issue can be mitigated rather simply by setting a limit on the number of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack. This issue has been patched in version 2.2.1 and users are advised to upgrade.
Published: 2023-11-07
CVSS Score: 5.3
Source & Patch Info: CVE-2023-46737

Primary Vendor -- Product: softing -- smartlink_sw-ht
Description: Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.
Published: 2023-11-06
CVSS Score: 6.1
Source & Patch Info: CVE-2022-48192
MISC <https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.html>
MISC <https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.json>


Primary Vendor -- Product: squid-cache -- squid
Description: SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
Published: 2023-11-03
CVSS Score: 5.3
Source & Patch Info: CVE-2023-46846
MISC <https://access.redhat.com/errata/rhsa-2023:6266>
MISC <https://access.redhat.com/errata/rhsa-2023:6267>
MISC <https://access.redhat.com/errata/rhsa-2023:6268>
MISC <https://access.redhat.com/security/cve/cve-2023-46846>
MISC
MISC <https://github.com/squid-cache/squid/security/advisories/ghsa-j83v-w3p4-5cqh>


Primary Vendor -- Product: squidex.io -- squidex
Description: Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global message event listener: SquidexSidebar, SquidexWidget, and SquidexFormField. The registered event listener takes some action based on the type of the received message. For example, when the SquidexFormField receives a message with the type valueChanged, the value property is updated. The SquidexFormField class is for example used in the editor-editorjs.html file, which can be accessed via the public wwwroot folder. It uses the onValueChanged method to register a callback function, which passes the value provided from the message event to the editor.render. Passing an attacker-controlled value to this function introduces a Cross-Site Scripting (XSS) vulnerability.
Published: 2023-11-07
CVSS Score:
Source & Patch Info: CVE-2023-46252


Primary Vendor -- Product: squidex.io -- squidex
Description: Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism, intended to stop XSS attacks through uploaded SVG images, is insufficient, resulting in stored XSS attacks. Squidex allows the CMS contributors to be granted the permission of uploading an SVG asset. When the asset is uploaded, a filtering mechanism is performed to validate that the SVG does not contain malicious code. The validation logic consists of traversing the HTML nodes in the DOM. In order for the validation to succeed, 2 conditions must be met: 1. No HTML tags included in a "blacklist" called "InvalidSvgElements" are present. This list only contains the element "script"; and 2. No attributes of HTML tags begin with "on" (i.e. onerror, onclick) (line 65). If either of the 2 conditions is not satisfied, validation fails and the file/asset is not uploaded. However it is possible to bypass the above filtering mechanism and execute arbitrary JavaScript code by introducing other HTML elements such as an <iframe> element with a "src" attribute containing a "javascript:" value. Authenticated adversaries with the "assets.create" permission, can leverage this vulnerability to upload a malicious SVG as an asset, targeting any registered user that will attempt to open/view the asset through the Squidex CMS.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-46744

Primary Vendor -- Product: synology --
Description: Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.
Published: 2023-11-07
CVSS Score: 5.5
Source & Patch Info: CVE-2023-5748


Primary Vendor -- Product: teamamaze -- amaze_file_utilities
Description: Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.
Published: 2023-11-03
CVSS Score: 5.5
Source & Patch Info: CVE-2023-5948
MISC <https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7>
MISC <https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692>

Primary Vendor -- Product: timeteccloud -- auto_web-based_database_management_system
Description: Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function.
Published: 2023-11-08
CVSS Score: 5.4
Source & Patch Info: CVE-2023-46483


Primary Vendor -- Product: urbackup -- urbackup_server
Description: UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.
Published: 2023-11-07
CVSS Score: 5.3
Source & Patch Info: CVE-2023-47102

Primary Vendor -- Product: veeam -- one
Description: A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-38549

Primary Vendor -- Product: veeam -- one
Description: A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
Published: 2023-11-07
CVSS Score: 4.3
Source & Patch Info: CVE-2023-38548

Primary Vendor -- Product: veeam -- one
Description: A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.
Published: 2023-11-07
CVSS Score: 4.3
Source & Patch Info: CVE-2023-41723


Primary Vendor -- Product: visser -- store_exporter_for_woocommerce
Description: Unauth. Reflected Cross-Site Scripting vulnerability in Visser Labs Store Exporter for WooCommerce - Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2 versions.
Published: 2023-11-06
CVSS Score: 6.1
Source & Patch Info: CVE-2023-46822
MISC

Primary Vendor -- Product: wisdomgarden -- tronclass_ilearn
Description: NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.
Published: 2023-11-03
CVSS Score: 6.5
Source & Patch Info: CVE-2023-41356
MISC <https://www.twcert.org.tw/tw/cp-132-7506-b4e29-1.html>

Primary Vendor -- Product: wondercms -- wondercms
Description: Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Published: 2023-11-07
CVSS Score: 6.1
Source & Patch Info: CVE-2023-41425


Primary Vendor -- Product: wordpress -- wordpress
Description: The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
Published: 2023-11-06
CVSS Score: 6.5
Source & Patch Info: CVE-2023-4930
MISC <https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2>

Primary Vendor -- Product: wordpress -- wordpress
Description: The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2023-11-07
CVSS Score: 6.5
Source & Patch Info: CVE-2023-5709


Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin <= 1.9.2 versions.
Published: 2023-11-08
CVSS Score: 6.1
Source & Patch Info: CVE-2023-32298

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions.
Published: 2023-11-08
CVSS Score: 6.1
Source & Patch Info: CVE-2023-46621

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions.
Published: 2023-11-08
CVSS Score: 6.1
Source & Patch Info: CVE-2023-46626

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions.
Published: 2023-11-08
CVSS Score: 6.1
Source & Patch Info: CVE-2023-46627

Primary Vendor -- Product: wordpress -- wordpress
Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSolutions-HQ WPDBSpringClean plugin <= 1.6 versions.
Published: 2023-11-07
CVSS Score: 6.1
Source & Patch Info: CVE-2023-47510


Primary Vendor -- Product: wordpress -- wordpress
Description: The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Published: 2023-11-06
CVSS Score: 6.1
Source & Patch Info: CVE-2023-5354
MISC <https://wpscan.com/vulnerability/aa380524-031d-4e49-9d0b-96e62d54557f>

Primary Vendor -- Product: wordpress -- wordpress
Description: The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2023-11-03
CVSS Score: 6.1
Source & Patch Info: CVE-2023-5946
MISC
MISC <https://plugins.trac.wordpress.org/changeset/1428184/digirisk/trunk/modules/society/controller/group.controller.01.php>


Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything - Responsive Content / HTML Slider and Carousel plugin <= 2.4.9 versions.
Published: 2023-11-07
CVSS Score:
Source & Patch Info: CVE-2023-28499

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin <= 1.5.1 versions.
Published: 2023-11-08
CVSS Score: 5.4
Source & Patch Info: CVE-2023-46613

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions.
Published: 2023-11-08
CVSS Score: 5.4
Source & Patch Info: CVE-2023-46640

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <= 1.0.1 versions.
Published: 2023-11-06
CVSS Score: 5.4
Source & Patch Info: CVE-2023-46782
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions.
Published: 2023-11-06
CVSS Score: 5.4
Source & Patch Info: CVE-2023-46783
MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin <= 1.2.1 versions.
Published: 2023-11-06
CVSS Score: 5.4
Source & Patch Info: CVE-2023-47177
MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <= 1.9.0 versions.
Published: 2023-11-08
CVSS Score: 5.4
Source & Patch Info: CVE-2023-47190

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vyas Dipen Top 25 Social Icons plugin <= 3.1 versions.
Published: 2023-11-08
CVSS Score: 5.4
Source & Patch Info: CVE-2023-47229

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.
Published: 2023-11-08
CVSS Score: 5.4
Source & Patch Info: CVE-2023-47231

Primary Vendor -- Product: wordpress -- wordpress
Description: The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-4842


Primary Vendor -- Product: wordpress -- wordpress
Description: The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-4888

Primary Vendor -- Product: wordpress -- wordpress
Description: The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5076


Primary Vendor -- Product: wordpress -- wordpress
Description: The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5507

Primary Vendor -- Product: wordpress -- wordpress
Description: The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5567


Primary Vendor -- Product: wordpress -- wordpress
Description: The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5577

Primary Vendor -- Product: wordpress -- wordpress
Description: The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_mapit' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5658


Primary Vendor -- Product: wordpress -- wordpress
Description: The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interact-quiz' shortcode in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5659

Primary Vendor -- Product: wordpress -- wordpress
Description: The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5660


Primary Vendor -- Product: wordpress -- wordpress
Description: The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5661

Primary Vendor -- Product: wordpress -- wordpress
Description: The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5669


Primary Vendor -- Product: wordpress -- wordpress
Description: The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5703

Primary Vendor -- Product: wordpress -- wordpress
Description: The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-03
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5707 MISC MISC <https://plugins.trac.wordpress.org/changeset/2987802/seo-slider#file3> MISC MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5743


Primary Vendor -- Product: wordpress -- wordpress
Description: The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-11-03
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5945 MISC <https://plugins.trac.wordpress.org/browser/wp-responsive-video-gallery-with-lightbox/tags/1.0.1/wp-responsive-video-gallery-with-lightbox.php> MISC <https://github.com/wp-plugins/wp-responsive-video-gallery-with-lightbox/blob/master/wp-responsive-video-gallery-with-lightbox.php> MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information.
Published: 2023-11-07
CVSS Score: 5.4
Source & Patch Info: CVE-2023-5982

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.
Published: 2023-11-06
CVSS Score: 4.8
Source & Patch Info: CVE-2023-23702 MISC


Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <= 1.0.7 versions.
Published: 2023-11-09
CVSS Score: 4.8
Source & Patch Info: CVE-2023-36688

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin <= 1.2.2 versions.
Published: 2023-11-08
CVSS Score: 4.8
Source & Patch Info: CVE-2023-46642

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions.
Published: 2023-11-06
CVSS Score: 4.8
Source & Patch Info: CVE-2023-46824 MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin <= 8.52 versions.
Published: 2023-11-08
CVSS Score: 4.8
Source & Patch Info: CVE-2023-47181

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin <= 1.2.8 versions.
Published: 2023-11-06
CVSS Score: 4.8
Source & Patch Info: CVE-2023-47184 MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions.
Published: 2023-11-08
CVSS Score: 4.8
Source & Patch Info: CVE-2023-47223


Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin <= 1.0.20 versions.
Published: 2023-11-08
CVSS Score: 4.8
Source & Patch Info: CVE-2023-47226

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <= 1.5.4.6 versions.
Published: 2023-11-08
CVSS Score: 4.8
Source & Patch Info: CVE-2023-47227

Primary Vendor -- Product: wordpress -- wordpress
Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.
Published: 2023-11-08
CVSS Score: 4.8
Source & Patch Info: CVE-2023-47228


Primary Vendor -- Product: wordpress -- wordpress
Description: The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2023-11-06
CVSS Score: 4.8
Source & Patch Info: CVE-2023-4810 MISC <https://portswigger.net/web-security/cross-site-scripting/stored> MISC <https://wpscan.com/vulnerability/dfde5436-dd5c-4c70-a9c2-3cb85cc99c0a>


Primary Vendor -- Product: wordpress -- wordpress
Description: The Simple Table Manager WordPress plugin through 1.5.6 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2023-11-06
CVSS Score: 4.8
Source & Patch Info: CVE-2023-4858 MISC <https://github.com/nightcloudos/bug_report/blob/main/vendors/poc2.md> MISC <https://wpscan.com/vulnerability/ef8029e0-9282-401a-a77d-10b6656adaa6>


Primary Vendor -- Product: wordpress -- wordpress
Description: The WP Discord Invite WordPress plugin before 2.5.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2023-11-06
CVSS Score: 4.8
Source & Patch Info: CVE-2023-5181 MISC <https://wpscan.com/vulnerability/564ad2b0-6ba6-4415-98d7-8d41bc1c3d44>

Primary Vendor -- Product: wordpress -- wordpress
Description: The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2023-11-06
CVSS Score: 4.8
Source & Patch Info: CVE-2023-5228 MISC <https://wpscan.com/vulnerability/50ae7008-46f0-4f89-ae98-65dcabe4ef09>


Primary Vendor -- Product: wordpress -- wordpress
Description: The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc. However, the vendor acknowledged and fixed the issue.
Published: 2023-11-06
CVSS Score: 4.8
Source & Patch Info: CVE-2023-5530 MISC <https://wpscan.com/vulnerability/a642f313-cc3e-4d75-b207-1dceb6a7fbae> MISC <https://ninjaforms.com/blog/saturday-drive-x-edition/>

Primary Vendor -- Product: wordpress -- wordpress
Description: The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2023-11-06
CVSS Score: 4.8
Source & Patch Info: CVE-2023-5605 MISC <https://wpscan.com/vulnerability/9ec03ef0-0c04-4517-b761-df87af722a64>


Primary Vendor -- Product: wordpress -- wordpress
Description: The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS.
Published: 2023-11-07
CVSS Score: 4.8
Source & Patch Info: CVE-2023-5819


Primary Vendor -- Product: wordpress -- wordpress
Description: The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.
Published: 2023-11-06
CVSS Score: 4.3
Source & Patch Info: CVE-2023-5352 MISC <https://wpscan.com/vulnerability/d32b2136-d923-4f36-bd76-af4578deb23b>

Primary Vendor -- Product: wordpress -- wordpress
Description: The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts and pages.
Published: 2023-11-07
CVSS Score: 4.3
Source & Patch Info: CVE-2023-5506


Primary Vendor -- Product: wordpress -- wordpress
Description: The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmap_save_area_title' function. This makes it possible for unauthenticated attackers to update the post title and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-11-07
CVSS Score: 4.3
Source & Patch Info: CVE-2023-5532

Primary Vendor -- Product: wordpress -- wordpress
Description: The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugins settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-11-07
CVSS Score: 4.3
Source & Patch Info: CVE-2023-5818

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Published: 2023-11-07
CVSS Score: 4.3
Source & Patch Info: CVE-2023-5902


Primary Vendor -- Product: wordpress -- wordpress
Description: The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-11-07
CVSS Score: 4.3
Source & Patch Info: CVE-2023-5975

Primary Vendor -- Product: wpn-xm -- wpn-xm
Description: A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking.
Published: 2023-11-03
CVSS Score: 6.1
Source & Patch Info: CVE-2023-4592 MISC <https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wpn-xm-serverstack>


Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability.
Published: 2023-11-06
CVSS Score: 6.1
Source & Patch Info: CVE-2023-46732 MISC <https://jira.xwiki.org/browse/xwiki-21095> MISC <https://github.com/xwiki/xwiki-platform/security/advisories/ghsa-j9rc-w3wv-fv62> MISC <https://github.com/xwiki/xwiki-platform/commit/04e325d57d4bcb6ab79bddcafbb19032474c2a55>


Primary Vendor -- Product: xwiki -- xwiki
Description: XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and it was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch.
Published: 2023-11-07
CVSS Score: 4.3
Source & Patch Info: CVE-2023-38509

Primary Vendor -- Product: yugabyte -- yugabytedb
Description: YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.
Published: 2023-11-08
CVSS Score: 6.1
Source & Patch Info: CVE-2023-6002


Primary Vendor -- Product: zohocorp -- manageengine_desktop_central
Description: A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.
Published: 2023-11-03
Source & Patch Info: CVE-2023-4767 MISC <https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central>


Primary Vendor -- Product: zohocorp -- manageengine_desktop_central
Description: A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.
Published: 2023-11-03
CVSS Score: 6.1
Source & Patch Info: CVE-2023-4768 MISC <https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central>

Primary Vendor -- Product: zscaler -- client_connector
Description: Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.
Published: 2023-11-06
CVSS Score: 6.5
Source & Patch Info: CVE-2023-28794 MISC


Low Vulnerabilities


Primary Vendor -- Product: nokia -- g-040w-q_firmware
Description: Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor.
Published: 2023-11-03
CVSS Score: 3.3
Source & Patch Info: CVE-2023-41354 MISC <https://www.twcert.org.tw/tw/cp-132-7504-c6a5e-1.html>


Primary Vendor -- Product: opensc -- opensc
Description: An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
Published: 2023-11-06
CVSS Score: 3.8
Source & Patch Info: CVE-2023-4535 MISC <https://github.com/opensc/opensc/releases/tag/0.24.0-rc1> MISC <https://github.com/opensc/opensc/wiki/opensc-security-advisories> MISC <https://github.com/opensc/opensc/issues/2792#issuecomment-1674806651> MISC MISC <https://access.redhat.com/security/cve/cve-2023-4535> MISC <https://github.com/opensc/opensc/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2>

Primary Vendor -- Product: samsung -- firewall
Description: Implicit intent hijacking vulnerability in Firewall application prior to [illegible] in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall.
Published: 2023-11-07
CVSS Score: 3.3
Source & Patch Info: CVE-2023-42552

Description: Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.
Published: 2023-11-07
CVSS Score: 3.3
Source & Patch Info: CVE-2023-42542




Severity Not Yet Assigned 


Primary Vendor -- Product: apache -- pyarrow
Description: Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only affects PyArrow, no other Apache Arrow implementations or bindings. It is recommended that users of PyArrow upgrade to 14.0.1. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to PyArrow 14.0.1 or later. PyPI packages are already available, and we hope that conda-forge packages will be available soon. If it is not possible to upgrade, we provide a separate package `pyarrow-hotfix` that disables the vulnerability on older PyArrow versions. See https://pypi.org/project/pyarrow-hotfix/ for instructions.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47248


Primary Vendor -- Product: apache -- uima_java_sdk_core
Description: Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular:
* the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class;
* the CAS Editor Eclipse plugin which uses the CasIOUtils class to load data;
* the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service which can receive using Java-serialized CAS objects over network connections;
* the CasAnnotationViewerApplet and the CasTreeViewerApplet;
* the checkpointing feature of the CPE module.
Note that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is not a serialized Java object. When using Vinci or using CasIOUtils in own services/applications, the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution. As a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. https://openjdk.org/jeps/290 and https://openjdk.org/jeps/415 ) if running UIMA on a Java version that supports it. Note that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure an UIMA version that is affected by this issue. To mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the "jdk.serialFilter" system property using a semicolon as a separator:
To allow deserializing Java-serialized binary CASes, add the classes:
* org.apache.uima.cas.impl.CASCompleteSerializer
* org.apache.uima.cas.impl.CASMgrSerializer
* org.apache.uima.cas.impl.CASSerializer
* java.lang.String
To allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints):
* org.apache.uima.collection.impl.cpm.CheckpointData
* org.apache.uima.util.ProcessTrace
* org.apache.uima.util.impl.ProcessTrace_impl
* org.apache.uima.collection.base_cpm.SynchPoint
Make sure to use "!*" as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern. Apache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39913


Primary Vendor -- Product: apereo_foundation -- apereo_cas
Description: Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4612

Primary Vendor -- Product: appsanywhere -- appsanywhere
Description: The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41138

Primary Vendor -- Product: appsanywhere -- appsanywhere
Description: Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41137


Primary Vendor -- Product: avast/avg -- avast/avg_antivirus
Description: A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system. This issue affects Avast/Avg Antivirus: 23.8.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5760

Primary Vendor -- Product: axios -- axios
Description: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45857

Primary Vendor -- Product: bigbluebutton -- bigbluebutton
Description: When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5543


Primary Vendor -- Product: bigbluebutton -- bigbluebutton
Description: PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users so that it points to the attacker's server, thereby disclosing the password reset token if/when the link is followed. This only affects local user accounts and requires the password reset option to be enabled. This issue has been patched in version 2.3.0.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47107


Primary ao Publish CVSS | Source & 
Description 


Vendor -- Product ed Score | Patch Info 

A vulnerability, which was classified as 

problematic, was found in Beijing Baichuo Smart 

S85F Management Platform V31RO2B10-01. 

Affected is an unknown function of the file oe CVE-2023- 
E /login.php. The manipulation of the argument 2023-11- yak 5959 
smar sS re RE TOWRWG leads to meat password recovery 1 eal 

The exploit has been disclosed to the public and 

may be used. The identifier of this vulnerability ated 

is VDB-244992. NOTE: The vendor was 

contacted early about this disclosure but did not 

respond in any way. 

Primary Vendor -- Product: chromedriver -- chromedriver
Description: Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. Note: An attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-26156


Primary Vendor -- Product: combodo -- itop
Description: Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47488

Primary Vendor -- Product: combodo -- itop
Description: An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47489

Primary Vendor -- Product: couchbase_inc. -- couchbase_server
Description: An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45875

Primary Vendor -- Product: discourse -- discourse
Description: Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47120

Primary Vendor -- Product: discourse -- discourse
Description: Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server-side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47121


Primary Vendor -- Product: discourse -- discourse
Description: Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they've been quoted by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the "bleeding" by ensuring users only use alphanumeric characters in their full name field.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45806


Primary Vendor -- Product: discourse -- discourse
Description: Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45816


Primary Vendor -- Product: discourse -- discourse
Description: Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46130


Primary Vendor -- Product: discourse -- discourse
Description: Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47119

Primary Vendor -- Product: eclipse_foundation -- eclipse_ide
Description: In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4218


Primary Vendor -- Product: ethyca -- fides
Description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then be retrieved from connected systems and data stores before being bundled together as a data subject access request package for the data subject to download. Supported data formats for the package include json and csv, but the most commonly used format is a series of HTML files compressed in a ZIP file. Once downloaded and unzipped, the data subject user can browse the HTML files on their local machine. It was identified that there was no validation of input coming from e.g. the connected systems and data stores which is later reflected in the downloaded data. This can result in an HTML injection that can be abused e.g. for phishing attacks or malicious JavaScript code execution, but only in the context of the data subject's browser accessing a HTML page using the `file://` protocol. Exploitation is limited to rogue Admin UI users, malicious connected system / data store users, and the data subject user if tricked via social engineering into submitting malicious data themselves. This vulnerability has been patched in version 2.23.3.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47114

Primary Vendor -- Product: free_software_foundation -- grub-legacy
Description: An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub's XFS file system implementation.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4949


Primary Vendor -- Product: freebsd -- freebsd
Description: In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5941


Primary Vendor -- Product: freebsd -- freebsd
Description: In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including entries not previously listed. This could permit the application to resolve domain names that were previously restricted.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5978

Primary Vendor -- Product: gitlab -- gitlab
Description: An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4379


Primary Vendor -- Product: gitsign -- gitsign
Description: Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures. There is no known compromise of the default public good instance (rekor.sigstore.dev) - anyone using this instance is unaffected. This issue was fixed in v0.8.0. No known workarounds are available.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47122


Primary Vendor -- Product: go_standard_library -- path/filepath
Description: The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name.
Published: 2023-11-09
CVSS Score: not yet calculated


Primary Vendor -- Product: go_standard_library -- path/filepath
Description: On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45284

Primary Vendor -- Product: gpac -- mp4box
Description: Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46001

Primary Vendor -- Product: harbor -- harbor
Description: A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-20902

Primary Vendor -- Product: hashicorp -- vault
Description: HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5954

Primary Vendor -- Product: hcl_software -- hcl_connections
Description: HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and compromise a user's account then launch other attacks.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37533

Primary Vendor -- Product: headscale -- headscale
Description: Headscale through 0.22.3 writes bearer tokens to info-level logs.
Published: 2023-11-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47390


Primary Vendor -- Product: hoteldruid -- hoteldruid
Description: Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47164

Primary Vendor -- Product: huawei -- emui
Description: Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46772

Primary Vendor -- Product: humansignal -- label_studio
Description: Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before 1.8.2, where a patch was introduced.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43791


Primary Vendor -- Product: ibm -- aix
Description: IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45167

Primary Vendor -- Product: ibm -- qradar_siem
Description: IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.
Published: 2023-11-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43057

Primary Vendor -- Product: jaspersoft -- clarity_ppm
Description: Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-37790

Primary Vendor -- Product: johnson_controls -- quantum_hd_unity
Description: An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4804


Primary Vendor -- Product: lanaccess -- onsafe_monitorhm
Description: An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-6012

Primary Vendor -- Product: lenovo -- 1_preload_directory
Description: A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4706

Primary Vendor -- Product: lenovo -- bios
Description: A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45075

Primary Vendor -- Product: lenovo -- bios
Description: A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45076


Primary Vendor -- Product: lenovo -- bios
Description: A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45077

Primary Vendor -- Product: lenovo -- bios
Description: A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45078

Primary Vendor -- Product: lenovo -- bios
Description: A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45079

Primary Vendor -- Product: lenovo -- desktop_bios
Description: A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43567


Primary Vendor -- Product: lenovo -- desktop_bios
Description: A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43568

Primary Vendor -- Product: lenovo -- desktop_bios
Description: A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43569

Primary Vendor -- Product: lenovo -- desktop_bios
Description: A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-43570

Primary Vendor -- Product: lenovo -- ideapad
Description: A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5075


Primary Vendor -- Product: lenovo -- lecloud_app
Description: Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5079

Primary Vendor -- Product: lenovo -- system_update
Description: An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4632

Primary Vendor -- Product: lenovo -- thinkpad
Description: A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5078

Primary Vendor -- Product: lenovo -- view_driver
Description: A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4891

Primary Vendor -- Product: f.b.p -- members_line
Description: The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47363


Primary Vendor -- Product: f.b.p -- members_line
Description: The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47364

Primary Vendor -- Product: f.b.p -- members_line
Description: The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47365

Primary Vendor -- Product: f.b.p -- members_line
Description: The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47366

Primary Vendor -- Product: f.b.p -- members_line
Description: The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47367

Primary Vendor -- Product: f.b.p -- members_line
Description: The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47368


Primary Vendor -- Product: f.b.p -- members_line
Description: The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47369

Primary Vendor -- Product: f.b.p -- members_line
Description: The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47370

Primary Vendor -- Product: f.b.p -- members_line
Description: The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47372

Primary Vendor -- Product: f.b.p -- members_line
Description: The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47373


Primary Vendor -- Product: linux -- kernel
Description: A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-6039

Primary Vendor -- Product: linux -- kernel
Description: A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39198

Primary Vendor -- Product: loytec_electronics -- multiple_products
Description: LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP.
Published: 2023-11-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46380, MISC <https://seclists.org/fulldisclosure/2023/nov/0>


Primary Vendor -- Product: loytec_electronics -- multiple_products
Description: LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
Published: 2023-11-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46381, MISC <https://seclists.org/fulldisclosure/2023/nov/0>

Primary Vendor -- Product: loytec_electronics -- multiple_products
Description: LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.
Published: 2023-11-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46382, MISC <https://seclists.org/fulldisclosure/2023/nov/0>

Primary Vendor -- Product: microsoft -- edge_chromium
Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-36027

Primary Vendor -- Product: mldb.ai -- mldb.ai
Description: Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46492


Primary Vendor -- Product: moodle -- moodle
Description: A remote code execution risk was identified in the Lesson activity. By default, this was only available to teachers and managers.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5539

Primary Vendor -- Product: moodle -- moodle
Description: A remote code execution risk was identified in the IMSCP activity. By default, this was only available to teachers and managers.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5540

Primary Vendor -- Product: moodle -- moodle
Description: Students in "Only see own membership" groups could see other students in the group, which should be hidden.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5542

Primary Vendor -- Product: moodle -- moodle
Description: H5P metadata automatically populated the author with the user's username, which could be sensitive information.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5545


Primary Vendor -- Product: moodle -- moodle
Description: Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5548

Primary Vendor -- Product: moodle -- moodle
Description: Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5549

Primary Vendor -- Product: moodle -- moodle
Description: In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilize a local file include to achieve remote code execution.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5550

Primary Vendor -- Product: moodle -- moodle
Description: Separate Groups mode restrictions were not honored in the forum summary report, which would display users from other groups.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5551


Primary Vendor -- Product: natus -- multiple_products
Description: Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47800

Primary Vendor -- Product: okta -- ldap_agent
Description: The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-0392


Primary Vendor -- Product: opentelemetry -- opentelemetry
Description: OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47108

Primary Vendor -- Product: opentext -- fortify_scancentral_dast
Description: Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-5913


Primary Vendor -- Product: openvpn -- openvpn
Description: Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Published: 2023-11-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46849

Primary Vendor -- Product: openvpn -- openvpn
Description: Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavior, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Published: 2023-11-
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46850

Primary Vendor -- Product: ovh -- the_bastion
Description: The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-45140


Primary Vendor -- Product: palo_alto_networks -- cortex_xsoar
Description: A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-3282

Primary Vendor -- Product: pfsense_ce -- pfsense_ce
Description: An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-29974

Primary Vendor -- Product: pfsense_ce -- pfsense_ce
Description: An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-29975

Primary Vendor -- Product: philips -- encoreanywhere
Description: The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-8863


Primary Vendor -- Product: phpgurukul -- restaurant_table_booking_system
Description: A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-6074

Primary Vendor -- Product: phpgurukul -- restaurant_table_booking_system
Description: A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-6075


Primary Vendor -- Product: phpgurukul -- restaurant_table_booking_system
Description: A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-6076


Primary Vendor -- Product: piccolo -- piccolo
Description: Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality, they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non-exhaustive list of actions possible based on database permissions is: Read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47128


Description: PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47109

Primary Vendor -- Product: projectworlds -- online_job_portal
Description: Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46676

Primary Vendor -- Product: projectworlds -- online_job_portal
Description: Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46677


Primary Vendor -- Product: projectworlds -- online_job_portal
Description: Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_upass' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46678

Primary Vendor -- Product: projectworlds -- online_job_portal
Description: Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46679

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46786


Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46787

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46788

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46789


Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic2' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46790

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic4' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46792

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46793


Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46794

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46795

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'month' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46796


Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46797

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'year' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46799

Primary Vendor -- Product: projectworlds -- online_matrimonial_project
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46800


Primary Vendor -- Product: qnap_systems_inc. -- multiple_products
Description: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later, QuTS hero h5.0.1.2376 build 20230421 and later, QuTScloud c5.1.0.2498 and later.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-23367

Primary Vendor -- Product: qnap_systems_inc. -- qumagie
Description: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41284

Primary Vendor -- Product: qnap_systems_inc. -- qumagie
Description: An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39295


Primary Vendor -- Product: qnap_systems_inc. -- qumagie
Description: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-41285

Description: sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.
Published: 2023-11-10
CVSS Score: not yet calculated

Primary Vendor -- Product: solarwinds -- network_configuration_manager
Description: The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40054


Primary Vendor -- Product: solarwinds -- network_configuration_manager
Description: The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-40055

Primary Vendor -- Product: spiceworks -- help_desk_server
Description: An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-43609


Primary Vendor -- Product: statmic -- statmic
Description: Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47129


Primary Vendor -- Product: symfony -- symfony
Description: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier doesn't change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46733


Primary Vendor -- Product: symfony -- symfony
Description: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use is_safe=html but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46734

Primary Vendor -- Product: symfony -- symfony
Description: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn't return any user-submitted input in its response.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-46735


Primary Vendor -- Product: telit_cinterion -- multiple_products
Description: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47610

Primary Vendor -- Product: telit_cinterion -- multiple_products
Description: A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47611


Primary Vendor -- Product: telit_cinterion -- multiple_products
Description: A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47612

Primary Vendor -- Product: telit_cinterion -- multiple_products
Description: A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47613


Primary Vendor -- Product: telit_cinterion -- multiple_products
Description: A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47614

Primary Vendor -- Product: telit_cinterion -- multiple_products
Description: A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47615


Primary Vendor -- Product: telit_cinterion -- multiple_products
Description: A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47616

Primary Vendor -- Product: tibco_software_inc. -- spotfire
Description: The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-26221


Primary Vendor -- Product: tongda -- oa
Description: A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Affected is an unknown function of the file general/system/censor_words/module/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244872. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-6052


Primary Vendor -- Product: tongda -- oa
Description: A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9. Affected by this issue is some unknown functionality of the file general/system/censor_words/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244874 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-6053


Primary Vendor -- Product: tongda -- oa
Description: A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-11-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-6054

Primary Vendor -- Product: volkswagen -- id.3
Description: Attacker can perform a Denial-of-Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-6073


Primary Vendor -- Product: wbce_cms -- wbce_cms
Description: SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_LRECORD_TABLE parameter.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-39796

Primary Vendor -- Product: wildfly-core -- wildfly-core
Description: A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-4061

Primary Vendor -- Product: wordpress -- wordpress
Description: Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions.
Published: 2023-11-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-31077


Primary Vendor -- Product: xwiki -- xwiki
Description: application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in Collabora, this right will be preserved for all future users, until the editing session is closed, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3.

Primary Vendor -- Product: yugabytedb -- yugabytedb_anywhere
Description: Prometheus metrics are available without authentication. These metrics expose detailed and sensitive information about the YugabyteDB Anywhere environment.

Primary Vendor -- Product: zitadel -- zitadel
Description: ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the number of failed checks is compared against the configured maximum. Exceeding the limit, will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3.
Published: 2023-11-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-47111

Primary Vendor -- Product: zyxel -- gs1900-24ep
Description: The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.
Published: 2023-11-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2023-35140